WebApp Sec mailing list archives
Re: Content monitorting in Application Security
From: Ivan Ristic <ivanr () webkreator com>
Date: Sat, 08 Jan 2005 00:13:54 +0000
Alfred Hitchcock wrote:
Hi All, I have a major doubt it would be of great help if anybody can provide solution to this. I have a web page which allows to upload files such as jpeg and html files.Is there any mechanisms which can detect malicious html files. E.g. if a html page has got a malicious java script such as alert('xss') then how can we check these things. One more point to be noted here is that uploading of file can be done by any user.
Why don't you modify your web page/application to analyze the files that are being uploaded? For HTML, one option is to use simple keyword search to detect malicious stuff. But a better approach is to decompose/parse HTML and then pick up only the elements you know are safe (e.g. leave out the Javascript altogether). On a web server level, mod_security can intercept and inspect files before they reach the application. This can come in handy if you need to enforce a site-wide policy or if you can't change the application for some reason. -- Ivan Ristic (http://www.modsecurity.org)
Current thread:
- Content monitorting in Application Security Alfred Hitchcock (Jan 07)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 08)
- Re: Content monitorting in Application Security Paul Laudanski (Jan 08)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 08)
- <Possible follow-ups>
- RE: Content monitorting in Application Security Security (Jan 08)
- RE: Content monitorting in Application Security Paul Laudanski (Jan 09)
- RE: Content monitorting in Application Security Ofer Shezaf (Jan 09)
- Re: Content monitorting in Application Security Martin Mačok (Jan 10)
- RE: Content monitorting in Application Security Antoine Martin (Jan 10)
- Re: Content monitorting in Application Security oliver.karow (Jan 10)
- Re: Content monitorting in Application Security Ivan Ristic (Jan 10)
- Re: Content monitorting in Application Security Jeremiah Grossman (Jan 13)
(Thread continues...)