FREE TRAINING – 30-MINUTE COURSE

File Upload Security

Now Available On-Demand

Join Jim Manico for a 30-minute live training session presented in a friendly classroom environment. Book your seat today and step up your secure coding game!

Allowing users to upload files to your web or API application can be inherently risky. This module focuses on understanding the various attacks associated with file upload features and other file I/O-intensive functionalities. It's crucial to recognize the potential threats and implement robust security measures to mitigate them.

Key topics covered include:

  • Understanding File Upload Attacks: A comprehensive exploration of the types of attacks targeting file upload features, helping you recognize and anticipate potential vulnerabilities.
  • Security Steps for Safe File Uploads: We'll delve into an extensive array of security measures designed to ensure the safety of uploaded files. These measures include:
      • Filename Indirection: Implementing strategies to avoid direct use of user-supplied filenames, thereby reducing the risk of file path manipulation and related attacks.
      • Lookup Maps: Utilizing lookup maps as a method to securely reference files, enhancing control over file access and management.
      • Anti-Malware Strategies: Incorporating anti-malware solutions to scan and validate uploaded files, ensuring they are free from malicious content.
      • Content Introspection Schemes: Employing techniques like image rewriting, which involves analyzing and possibly altering the content of uploaded images to prevent hidden attacks embedded within them.
  • Coordinated Defensive Techniques: Ensuring that these complex defensive techniques are properly coordinated and integrated into the application's architecture. This coordination is essential for maintaining a robust defense without compromising functionality or user experience.

Bonus Content:
On-demand access to class recordings >> You can share with your internal team
A comprehensive courseware package >> Get actionable examples, best practices, and resources


Who Should Attend:

- Software Engineers
- Application Security Analysts
- DevOps Practitioners
- IT Decision-Makers
- Security Enthusiasts
- Anyone interested in writing secure code

Meet Your Instructor

Jim Manico

Founder, Manicode Security, and Edgescan Strategic Technical Advisor

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Edgescan and Jim Manico are offering a series of courses that have been carefully curated and map to the top 10 vulnerabilities discovered in 2023 by Edgescan. 

Expand your knowledge and ensure your skills are honed to eradicate the most prevalent vulnerabilities discovered in 2023. Gear up for a secure coding journey guided by security guru Jim Manico and aligned to the most common vulnerabilities discovered in 2023 by Edgescan.

Check out our full class offering on the Edgescan website >>

Copyright © 2023 Edgescan  All Rights Reserved  |  Privacy Policy
Dublin: Unit 701 Northwest Business Park, Dublin 15, D15  CH256   |   New York: 33 West 60th Street, New York, NY 10023