Pete Freitag has launched HackMyCF, a site that can test your ColdFusion servers for security holes, missing hotfixes and patches, and more. You simply provide a server host name and e-mail address, and the app runs a scan and e-mails you a report. Highly recommended!
Very cool. However, is there anything done to verify that a person owns the domain that they type in? Or will this just be a tremendously valuable tool for hackers to have someone else find the vulnerabilities in a potential target site?
Disregard that last comment – I see now that the address the report is emailed to needs to be from the same domain as the site to be checked for vulnerabilities.
Yes but the question at the heart of the matter is how secure is Pete’s Server?
* Is it on a shared server?
* Who has access to the information?
* How much information is collected?
Looks like a great service and would consider using it / paying for it but need more information inside the Terms / Privacy.