This series, and my blog, has moved! Check it out!
The previous article in this series was Part 5.5 — File Uploads.
Recently removed from the OWASP Top Ten, unvalidated redirects and forwards are a subset of the problem of poor input validation. If you properly validate all input, including input in the address bar and/or obtained from the user, you will not have this problem.

Below is a rehash of input validation, from the viewpoint of using redirects and forwards.
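
As an added example (not code from the original article), here is one way to validate a user-supplied redirect target on the server before redirecting. The host allowlist, the fallback path and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist and fallback for this example; use your own hosts.
ALLOWED_HOSTS = {"app.example.com", "help.example.com"}
FALLBACK = "/"


def safe_redirect_target(target: str) -> str:
    """Return target if it is a same-site path or an allowlisted https URL;
    otherwise return FALLBACK so the user stays on a known page."""
    if not target or len(target) > 2048:
        return FALLBACK
    # Browsers treat "\" like "/" and drop tabs and newlines while parsing,
    # so refuse such input rather than guess how a client normalises it.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
        if not parts.scheme and not parts.netloc:
            # Relative reference: accept only an absolute path on this site.
            # A leading "//" (or "///") is read by browsers as another host.
            if target.startswith("/") and not target.startswith("//"):
                return target
            return FALLBACK
        # Absolute URL: https only, exact host match, no credentials,
        # default port. hostname is lower-cased by urlsplit.
        if (
            parts.scheme == "https"
            and parts.hostname in ALLOWED_HOSTS
            and parts.username is None
            and parts.password is None
            and parts.port in (None, 443)
        ):
            return target
    except ValueError:
        # Malformed authority or port (e.g. bad IPv6 literal, port > 65535).
        pass
    return FALLBACK
```

The host check is an exact match against the parsed hostname, not a substring or prefix test on the raw string, which is what lets look-alike hosts and embedded credentials fall through to the fallback.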
Allowing files to be uploaded to your applications (and therefore your network) is Risky Business. In fact, it just may be the riskiest functionality that you can add to a web application.
If you decide to include file uploads in your applications, you should:
1. Scan all uploaded files with an application that analyzes files for malicious characteristics, such as AssemblyLine (free from the Canadian Government, can be installed locally so you do not need to share your files with a 3rd party), Cylance, FireEye or VirusTotal.
2. Follow the advice in the OWASP File Uploads cheat sheet.
3. Watch Episode #14 of the OWASP DevSlop show with Dominique Righetto to see code and more on….
