According to http://www.theregister.co.uk/2009/09/08/web_app_security_survey/ the top 3 security issues in web applications are:

• SQL injection where end users can effect the SQL executed
• Cross-site scripting (XSS) where users can cause JavaScript to be run by other users
• Cross-request forgery (CSRF) where actions can executed as if a user is logged in, without that user actually having the site open in his browser.

The following explains how ColdFusion can help protect you from each.

The Reactor ORM framework for ColdFusion recently gained a useful feature called 'filters'.

Filters stand midway between using the built in object-based query language and 'rolling your own' methods using CFQUERY.

Keynote - Adobe

ColdFusion 8

Many awards - great media coverage too
talks up Gartner review saying that CF use should be expanded, was previously 'contain' and don't use for new projects.

Here are the presentation slides and the example files for my 'ColdSpring Introduction and Web Services' talk that I just gave at the 'Scotch on the Road' conference in Manchester.

For those who don't remember, Spectra was an Adobe application framework that provided a web based desktop and work flow capabilities on top of ColdFusion, that has since been retired and then open sourced.