WebApp Sec mailing list archives

Re: [WEB SECURITY] [Web Security] File Upload Virus Scanning


From: 0x4150 <0x4150 () gmail com>
Date: Fri, 9 Jul 2010 17:31:37 -0500

Danux,

The transfer (up and down) will have to be HTTPS as the file contains
sensitive information.

Apart from the Content-type header in the response, also make sure to use
HTTP instead of HTTPS when sending the file to the end user; this way,
there is a chance that another security control like IDS/IPS can catch
the file while flowing back to the end user through the network.

Robert,

Thanks for that awesome explanation! +1 Kudos


