A few days ago I blogged about a list of PHP vulnerabilities and how they applied to ColdFusion users as well. With that in mind I've created a one page resource for ColdFusion users:
ColdFusion Security Checklist
If you ever forget the URL, just check the Guides pod to the right. Let me be absolutely clear on this:
Security is not a task item.
Security is not something you can tack on at the end.
Security is a way of life, a religion. You need to keep it in your head from the very first day a project starts until the end of the world.
So please keep the above points in mind. I made this checklist as a simple high level reminder of things to keep in mind. I can imagine a manager sharing it with his or her employees. It is not meant to be a book.
The unfortunate thing is that even this simple list is ignored by far too many people.
I know that some people will disagree with some of the items on the list. I've already taken some feedback from folks, but it will never make everyone happy. At the end of the day, I hope the list provides some guideposts to at least a) steer you in the right direction and more importantly b) keep security in mind as you develop.