Join Kevin Skoglund for an in-depth discussion in this video, File-upload abuse, part of Programming Foundations: Web Security.
- File upload abuse is not really a hack, but it is still an attack that's worth guarding against. File upload abuse is simply abuse of allowed file upload features. Imagine that you have a website that lets users upload files. Now, imagine that I write a script that will upload a one megabyte file to your server and I tell it to loop one million times. That's one terabyte of data that I'm putting on your server. Would your web server run out of hard drive space? Probably, and it would probably cause it to slow down or stop functioning for legitimate users.
So, file upload abuse can be used to upload too much data, either files that are too large or too many files that, combined, add up to too much data, and it can be used to upload malicious files. Let's say something like a virus or a worm. Those could be uploaded as files to your server waiting for someone to open them up, and then that would cause their computer to be infected. So, how do we protect against it? Well, fortunately, it's not that hard. First, a good policy is to require user authentication…
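A server-side check for the two data-volume cases in the transcript above (files that are too large, and too many files that add up), written as an added example that is not code from the course or the video. The cap values, the `UploadGate` class, and the in-memory accounting are assumptions made for illustration; a real application would keep per-user usage in its database.

```python
import io

MAX_FILE_BYTES = 1 * 1024 * 1024    # assumed per-file cap (1 MB)
MAX_USER_BYTES = 20 * 1024 * 1024   # assumed per-user storage quota (20 MB)
CHUNK = 64 * 1024                   # read size while counting bytes

class UploadRejected(Exception):
    pass

class UploadGate:
    """Tracks stored bytes per authenticated user and enforces both caps."""

    def __init__(self):
        self.used = {}  # user id -> bytes already stored (hypothetical store)

    def accept(self, user_id, stream):
        # Anonymous requests are refused before any body bytes are read.
        if not user_id:
            raise UploadRejected("authentication required")
        remaining = MAX_USER_BYTES - self.used.get(user_id, 0)
        limit = min(MAX_FILE_BYTES, remaining)
        chunks, size = [], 0
        # Count the bytes that actually arrive and stop at the limit;
        # a client-declared length cannot be trusted.
        while True:
            chunk = stream.read(CHUNK)
            if not chunk:
                break
            size += len(chunk)
            if size > limit:
                raise UploadRejected("file too large or quota exhausted")
            chunks.append(chunk)
        self.used[user_id] = self.used.get(user_id, 0) + size
        return b"".join(chunks)

def simulate_loop(gate, user_id, attempts, file_bytes):
    """Replays repeated uploads against the gate; returns (accepted, rejected)."""
    accepted = rejected = 0
    payload = b"\0" * file_bytes  # constructed sample data
    for _ in range(attempts):
        try:
            gate.accept(user_id, io.BytesIO(payload))
            accepted += 1
        except UploadRejected:
            rejected += 1
    return accepted, rejected

if __name__ == "__main__":
    print(simulate_loop(UploadGate(), "alice", 100, MAX_FILE_BYTES))
```

Because usage is keyed to an authenticated user, a looped upload stops consuming disk once that account's quota is reached, and rejected requests store nothing.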
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern