Saturday, June 6, 2009

File Upload Forms, Common Security Issues

Acunetix released a paper on common security problems with "file upload" forms, with some examples.
The paper covers common problems such as:
- Simple upload without validation
- MIME type validation
- Blocking dangerous extensions
- Double extensions
- Image header checking
- .htaccess protection
- Client side validation
http://www.acunetix.com/websitesecurity/Why-File-Upload-Forms-are-a-Major-Security-Threat.pdf
