Brian Reilly
Brian Reilly is a security engineer focused on application security, penetration testing, and vulnerability research. He enjoys working with product teams to build and deploy secure software. His professional experience has included various roles within the financial services, technology, higher education, and state/local government sectors. He holds degrees from Georgetown University and the George Washington University.
Session
Yes, an Adobe ColdFusion talk in 2024. It's been a busy 18 months for ColdFusion security -- from new 0-day vulnerabilities discovered in the wild to ancient vulnerabilities being part of ransomware playbooks. Even if you haven't embraced modern CFML, ColdFusion remains a common legacy application platform found in organizations of all sizes and verticals. In this talk we'll look at a series of ColdFusion vulnerabilities, map out the attack surface of modern ColdFusion environments, and consider some approaches for attack surface reduction. So whether you consider ColdFusion to be a modern JVM scripting language, legacy application tech debt, or an easy pentest win, this talk is for you. And if you're too cool for ColdFusion, just squint and pretend it's a Java talk.