1
00:00:00,930 --> 00:00:09,240
Unvalidated file upload is a very critical vulnerability for Web applications, since if

2
00:00:09,240 --> 00:00:17,010
present, it allows an attacker in a very short time to upload, for example, a webshell on the

3
00:00:17,010 --> 00:00:19,660
server and take possession of it.

4
00:00:20,610 --> 00:00:23,430
The remedies in the management of upload

5
00:00:23,430 --> 00:00:31,950
files are reported in the best practices of the slide; among the most important indications:

6
00:00:32,320 --> 00:00:36,810
check the type of incoming file before accepting it.

7
00:00:37,290 --> 00:00:40,880
Remember that checking the extension is not enough.

8
00:00:41,430 --> 00:00:49,230
But among the metadata of the file, check the so-called magic number consisting of the first four

9
00:00:49,290 --> 00:00:54,780
bytes of the header of the file, that identifies its type.

10
00:00:58,970 --> 00:01:01,360
Thank you for your kind attention.
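The check the lecture describes, written out as an added example (this code is not part of the lecture or its slides): an upload validator that first restricts the declared extension to an allow-list and then compares the file's leading bytes against the known signature (magic number) for that type, rejecting the file when the header does not match the name. The signature table, the allowed-extension map and the sample inputs are constructed for this example; it goes slightly beyond the lecture's "first four bytes" by comparing each format's full signature, since real signatures vary in length (PNG uses eight bytes, JPEG three).

```python
# Added example, not from the lecture: validate an uploaded file by its
# magic number instead of trusting only the client-supplied file name.
import os
from typing import Optional, Tuple

# Constructed signature table. Signatures vary in length by format, so each
# entry holds the full byte sequence that identifies the type.
MAGIC_NUMBERS = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}

# Extensions this hypothetical upload endpoint accepts, mapped to the content
# type the file header must actually prove.
ALLOWED_EXTENSIONS = {
    "png": "png",
    "jpg": "jpg",
    "jpeg": "jpg",
    "gif": "gif",
    "pdf": "pdf",
}


def detect_type(data: bytes) -> Optional[str]:
    """Return the type whose magic number the data starts with, or None."""
    for kind, signatures in MAGIC_NUMBERS.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept the upload only if the extension is allowed AND the header
    bytes identify the same type the extension claims."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension '%s' not allowed" % ext

    detected = detect_type(data)
    if detected is None:
        return False, "unrecognised file header"

    expected = ALLOWED_EXTENSIONS[ext]
    if detected != expected:
        return False, "header says %s, name says %s" % (detected, ext)
    return True, detected


# Constructed sample inputs: a minimal PNG-like header plus padding, a text
# blob renamed with an image extension, and a PDF header with a .jpg name.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_TEXT = b"just some text, not an image"
SAMPLE_PDF = b"%PDF-1.4\n%constructed sample\n"

if __name__ == "__main__":
    for name, payload in [
        ("photo.png", SAMPLE_PNG),
        ("report.png", SAMPLE_TEXT),
        ("scan.jpg", SAMPLE_PDF),
        ("scan.pdf", SAMPLE_PDF),
        ("tool.exe", SAMPLE_TEXT),
    ]:
        ok, reason = validate_upload(name, payload)
        print("%-12s %s (%s)" % (name, "ACCEPT" if ok else "REJECT", reason))
```

The header check catches the common case the lecture warns about (an executable or script renamed with an image extension), but a file that begins with a valid image signature can still carry other content after the header, so this check is one layer that complements, rather than replaces, the other upload controls the lecture refers to.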