Ideas for Improving ASP and ASP.NET Web Application Security - Part 2
page 10 of 11
by Brett Burridge

Be wary of uploaded files

If you have a file upload facility within your website then it is critical to check the types of files that may be uploaded.  This is especially critical if the uploaded content is going to be saved to a folder that is accessible via the web, because a file of an executable type (a server-side script, for instance) could then be run on the server by any user who makes a standard browser request for it once it has been uploaded.

Although it is essential to black-list certain file types (such as .asp, .aspx, and if your server supports it, .php), a safer alternative is to provide a white-list of specific file types that can be uploaded (such as .jpg, .gif and .png for an image upload facility).  It is also worthwhile including a maximum file size that can be uploaded - most file uploading server components allow such a limit to be set.

If you are intending to use uploaded files (such as resumes submitted by candidates on a job vacancies site, for example) then it is also a good idea to implement a virus checking facility before the content reaches the business processes that make use of the uploaded file.
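The checks described above (an extension white-list, a content check, a size limit, and storage outside the web-accessible folder tree) can be implemented in a few lines of server-side code. The following is an added example written for this article, not code from the original author; it assumes an ASP.NET Web Forms page with a `FileUpload` control named `ResumeUpload`, a `Label` named `StatusLabel`, and an `App_Data/uploads` folder (which IIS does not serve to browsers). The 2 MB limit and the list of image types are choices made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example: server-side validation of an uploaded image in ASP.NET Web Forms.
public static class UploadValidator
{
    // White-list of permitted extensions, each paired with the leading bytes
    // ("magic numbers") that a genuine file of that type starts with.
    private static readonly Dictionary<string, byte[][]> AllowedTypes =
        new Dictionary<string, byte[][]>(StringComparer.OrdinalIgnoreCase)
    {
        { ".jpg",  new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".jpeg", new[] { new byte[] { 0xFF, 0xD8, 0xFF } } },
        { ".gif",  new[] { new byte[] { 0x47, 0x49, 0x46, 0x38 } } },                      // "GIF8"
        { ".png",  new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } } },
    };

    private const int MaxBytes = 2 * 1024 * 1024; // 2 MB cap chosen for this example

    // Returns null when the file is acceptable, otherwise the reason it was rejected.
    public static string Validate(HttpPostedFile file)
    {
        if (file == null || file.ContentLength == 0)
            return "No file was uploaded.";
        if (file.ContentLength > MaxBytes)
            return "File exceeds the maximum permitted size.";

        // Look only at the extension; the client-supplied path and Content-Type header
        // are under the uploader's control and are not trusted.
        string ext = Path.GetExtension(Path.GetFileName(file.FileName));
        byte[][] signatures;
        if (string.IsNullOrEmpty(ext) || !AllowedTypes.TryGetValue(ext, out signatures))
            return "File type is not permitted.";

        // Confirm the content really is the declared image type by inspecting its
        // leading bytes, so a script merely renamed with an image extension is rejected.
        byte[] header = new byte[8];
        int read = file.InputStream.Read(header, 0, header.Length);
        file.InputStream.Position = 0; // rewind so SaveAs writes the whole file
        if (!MatchesAnySignature(header, read, signatures))
            return "File content does not match its extension.";

        return null;
    }

    public static bool MatchesAnySignature(byte[] header, int length, byte[][] signatures)
    {
        foreach (byte[] sig in signatures)
        {
            if (length < sig.Length) continue;
            bool match = true;
            for (int i = 0; i < sig.Length && match; i++)
                match = header[i] == sig[i];
            if (match) return true;
        }
        return false;
    }

    // Stores the file under a server-generated name in a folder outside the web root,
    // so the original file name cannot influence the path or carry a second extension.
    public static string SaveToPrivateFolder(HttpPostedFile file, string folder)
    {
        string ext = Path.GetExtension(file.FileName).ToLowerInvariant();
        string safeName = Guid.NewGuid().ToString("N") + ext;
        file.SaveAs(Path.Combine(folder, safeName));
        return safeName;
    }
}

// Example usage from the page's code-behind (control names are assumptions).
public partial class UploadPage : Page
{
    protected FileUpload ResumeUpload;
    protected Label StatusLabel;

    protected void UploadButton_Click(object sender, EventArgs e)
    {
        string error = UploadValidator.Validate(ResumeUpload.PostedFile);
        if (error != null)
        {
            StatusLabel.Text = error;
            return;
        }
        string stored = UploadValidator.SaveToPrivateFolder(
            ResumeUpload.PostedFile, Server.MapPath("~/App_Data/uploads"));
        StatusLabel.Text = "Stored as " + stored;
    }
}
```

The size check in `Validate` is a second line of defence; the request-level limit the article mentions is set for ASP.NET in `web.config` via the `maxRequestLength` attribute of `<httpRuntime>`, which rejects oversized requests before the page code runs. If the uploaded file later has to be served back to browsers, do so through a handler that streams it from the private folder with an explicit content type, rather than by placing it under a web-accessible path.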


©Copyright 1998-2008 ASPAlliance.com