This series, and my blog, have moved!
Allowing files to be uploaded to your applications (and therefore your network) is risky business. In fact, it just may be the riskiest functionality that you can add to a web application.
If you decide to include file uploads in your applications, you should:
- Scan all uploaded files with a tool that analyzes them for malicious characteristics, such as AssemblyLine (free from the Canadian Government, and installable locally so you do not need to share your files with a third party), Cylance, FireEye or VirusTotal.
- Follow the advice in the OWASP File Uploads cheat sheet.
- Watch Episode #14 of the OWASP DevSlop show with Dominique Righetto to see code and more on how to implement these safeguards. This episode is in French with English subtitles (most episodes are recorded in English). While you are at it, why not subscribe to our YouTube channel? If you like this blog, you are likely to also enjoy the show.
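To make the safeguards above concrete, here is an added example of an upload handler that applies the core OWASP File Upload cheat sheet controls: an allowlist of extensions, a size limit, a check that the file's leading bytes match the claimed type, a randomly generated storage name, a storage directory outside the web root, and a hook for an external malware scanner such as the ones listed above. This is illustration code written for this post, not code from the DevSlop episode or from any of the scanning products; the policy values (`MAX_BYTES`, `ALLOWED`, `UPLOAD_DIR`) and the `scanner` callback are assumptions you would replace with your own.

```python
import os
import secrets
from pathlib import Path

# Assumed policy values (not from the cheat sheet itself): tune per application.
MAX_BYTES = 5 * 1024 * 1024
# Allowlist of extensions mapped to the leading "magic" bytes each type must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
# Assumed location outside the web root, so uploads are never served or executed directly.
UPLOAD_DIR = Path("/var/app-uploads")


class UploadRejected(Exception):
    """Raised when an upload fails any validation step."""


def validate_upload(filename: str, data: bytes) -> str:
    """Validate name, size, extension and content; return the accepted extension."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("file is empty or exceeds the size limit")

    # Keep only the base name so directory components ("../", "C:\\") are discarded.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} is not on the allowlist")

    # The declared extension must agree with the file's leading bytes.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("file content does not match its extension")
    return ext


def store_upload(filename: str, data: bytes, upload_dir: Path = UPLOAD_DIR, scanner=None) -> Path:
    """Validate, optionally scan, and store the upload under a random name.

    `scanner` is an assumed hook: a callable taking the bytes and returning True
    when the file is clean (for example, a wrapper around AssemblyLine or VirusTotal).
    """
    ext = validate_upload(filename, data)
    if scanner is not None and not scanner(data):
        raise UploadRejected("malware scanner flagged the file")

    # Never reuse the user-supplied name; generate an unpredictable one.
    dest = upload_dir / f"{secrets.token_hex(16)}.{ext}"
    # "x" mode refuses to overwrite an existing file; 0o600 keeps it private to the app user.
    with open(dest, "xb") as fh:
        fh.write(data)
    os.chmod(dest, 0o600)
    return dest


if __name__ == "__main__":
    # Constructed sample: a minimal PNG header followed by padding.
    sample = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    print(validate_upload("photo.PNG", sample))  # png
```

The scanner hook deliberately runs after the cheap checks, so a file that fails the allowlist or magic-byte test never reaches the (slower, possibly external) malware scan.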
Start Security Earlier! SecTor 2018
Here are some points to take home, as summarized from the OWASP File Uploads Cheat Sheet, written by Dave Wichers:
· Ensure the application is...