Denial of service is when attackers prevent other users from connecting to a web server, usually by overwhelming the server with more requests than the server can handle.
File upload abuse is when an attacker abuses public file upload features of a website. It's common for web applications to allow users to upload files. These are a few common examples when a web application might encourage users to send in images, video or other files. There are many ways that file upload features can be abused.

The most common types of abuse are uploading files which are too numerous, too large or too frequent. Too many files or files which are too large can use up all of a server's storage space. Files sent too frequently can slow down server processing or monopolize server connections, potentially even leading to a denial of service. Another potential abuse is users uploading the wrong content type, for example, the application expects an image, but the user uploads a movie instead. Malware represents the most serious form of file upload abuse. Malware may pretend to be a different file type in order to avoid raising suspicion.
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
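The file upload abuses described above (too frequent, too large, wrong or disguised content type) map onto server-side checks like the following. This is an added example, not part of the course material; the limits, the accepted image types and the names `check_upload` and `sniff_image_type` are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for illustration; tune them per application.
MAX_BYTES = 2 * 1024 * 1024   # per-file size cap
MAX_ATTEMPTS = 3              # upload attempts allowed per client per window
WINDOW_SECONDS = 60
# Leading "magic" bytes of the image types this hypothetical endpoint accepts.
SIGNATURES = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "gif": b"GIF8"}
EXTENSIONS = {"png": "png", "jpg": "jpg", "jpeg": "jpg", "gif": "gif"}

_attempts = defaultdict(deque)  # client id -> timestamps of recent attempts

def sniff_image_type(data):
    """Identify the file from its content, ignoring the name the client sent."""
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None

def check_upload(client_id, filename, data, now=None):
    """Return (accepted, reason) for one upload attempt."""
    now = time.monotonic() if now is None else now
    window = _attempts[client_id]
    while window and now - window[0] >= WINDOW_SECONDS:
        window.popleft()                      # forget attempts outside the window
    if len(window) >= MAX_ATTEMPTS:
        return False, "too frequent"
    window.append(now)                        # rejected files still count as attempts
    # A real server should also enforce the cap while reading the request body.
    if len(data) > MAX_BYTES:
        return False, "too large"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXTENSIONS.get(ext)
    if claimed is None:
        return False, "extension not allowed"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "content is not an accepted image"
    if actual != claimed:
        return False, "extension does not match content"
    return True, "ok"

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed sample bytes
    mp4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 16   # constructed sample bytes
    print(check_upload("demo", "cat.png", png, now=0))
    print(check_upload("demo", "cat.png", mp4, now=1))
```

Matching magic bytes catches wrong or mislabeled content types only; it is not a malware scan.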
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)