From the course: ASP.NET MVC 5 Identity: Authentication and Authorization
Vulnerability: Dangerous uploaded file type
- [Instructor] Allowing users to upload files can be a great feature that enriches the content and user experience of a web application. However, it creates space for attacks. Let us say that our university application allows our students to upload their profile images to the server so they can have a complete profile. Uploaded images are saved in the public folder Profiles. Now, if a user uploads an ASPX file with dangerous ASP.NET code instead of an image file, the server could be easily attacked. A way to prevent users from uploading dangerous content would be to create a blacklist of all the file extensions that we do not want them to upload. But of course there are too many file extensions, and we might forget one of them. So an easier approach would be to use a whitelist of allowed file extensions and reject all the files that do not match the extensions.
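
The allowlist approach described above, sketched as an MVC 5 controller action. This is an added example, not code from the course: the controller and action names, the 2 MB limit and the redirect to an `Index` action are assumptions, and it goes one step beyond the lesson by saving the file under a server-generated name.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.Mvc;

// Added example. ProfileController, UploadImage and MaxBytes are assumed
// names/values; only the public "Profiles" folder comes from the lesson.
public class ProfileController : Controller
{
    // Allowlist: anything not listed here is rejected, including .aspx.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".jpg", ".jpeg", ".png", ".gif" };

    private const int MaxBytes = 2 * 1024 * 1024; // assumed limit

    // Returns the allowlisted extension, or null if the name must be rejected.
    internal static string GetAllowedExtension(string clientFileName)
    {
        if (string.IsNullOrWhiteSpace(clientFileName)) return null;
        string ext;
        try { ext = Path.GetExtension(clientFileName); }
        catch (ArgumentException) { return null; } // invalid path characters
        // "photo.jpg.aspx" yields ".aspx" and an extensionless name yields "";
        // both are rejected because neither is in the allowlist.
        return AllowedExtensions.Contains(ext) ? ext.ToLowerInvariant() : null;
    }

    [HttpPost]
    [Authorize]
    [ValidateAntiForgeryToken]
    public ActionResult UploadImage(HttpPostedFileBase file)
    {
        if (file == null || file.ContentLength == 0 || file.ContentLength > MaxBytes)
            return new HttpStatusCodeResult(400, "Missing or oversized file.");

        var ext = GetAllowedExtension(file.FileName);
        if (ext == null)
            return new HttpStatusCodeResult(400, "File type not allowed.");

        // Server-generated name: the client-supplied name never reaches the file system.
        var savedName = Guid.NewGuid().ToString("N") + ext;
        file.SaveAs(Path.Combine(Server.MapPath("~/Profiles"), savedName));
        return RedirectToAction("Index"); // assumed action
    }
}
```

The check is made on the final extension only, since that is what decides which handler the server uses when the file is later requested from the public folder.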