FREE TRAINING – 30-MINUTE COURSE
File Upload Security
Now Available On-Demand
Join Jim Manico for a 30-minute live training session presented in a friendly classroom environment. Book your seat today and step up your secure coding game!
Allowing users to upload files to your web or API application can be inherently risky. This module focuses on understanding the various attacks associated with file upload features and other file I/O-intensive functionalities. It's crucial to recognize the potential threats and implement robust security measures to mitigate them.
Key topics covered include:
- Understanding File Upload Attacks: A comprehensive exploration of the types of attacks targeting file upload features, helping you recognize and anticipate potential vulnerabilities.
- Security Steps for Safe File Uploads: We'll delve into an extensive array of security measures designed to ensure the safety of uploaded files. These measures include:
  - Filename Indirection: Implementing strategies to avoid direct use of user-supplied filenames, thereby reducing the risk of file path manipulation and related attacks.
  - Lookup Maps: Utilizing lookup maps as a method to securely reference files, enhancing control over file access and management.
  - Anti-Malware Strategies: Incorporating anti-malware solutions to scan and validate uploaded files, ensuring they are free from malicious content.
  - Content Introspection Schemes: Employing techniques like image rewriting, which involves analyzing and possibly altering the content of uploaded images to prevent hidden attacks embedded within them.
  - Coordinated Defensive Techniques: Ensuring that these complex defensive techniques are properly coordinated and integrated into the application's architecture. This coordination is essential for maintaining a robust defense without compromising functionality or user experience.
- On-demand access to class recordings: You can share with your internal team
- A comprehensive courseware package: Get actionable examples, best practices, and resources
Who Should Attend:
- Software Engineers
- Application Security Analysts
- DevOps Practitioners
- IT Decision-Makers
- Security Enthusiasts
- Anyone interested in writing secure code
Meet Your Instructor
Founder, Manicode Security, and Edgescan Strategic Technical Advisor
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP Foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.
Edgescan and Jim Manico are offering a series of courses that have been carefully curated and map to the top 10 vulnerabilities discovered in 2023 by Edgescan.
Expand your knowledge and hone your skills to eradicate the most prevalent vulnerabilities discovered in 2023. Gear up for a secure coding journey guided by security guru Jim Manico.