WebAppSec/Secure Coding Guidelines: Difference between revisions

'''Upload Verification'''  

*Ensure the image dimensions are within the defined range for the application (example 50x50 to 200x200). ''Interesting. Why?''
*Use image rewriting libraries to verify the image is valid and to strip away extraneous content.  
*Set the extension of the stored image to be a valid image extension based on the detected content type of the image from image processing (e.g. do not just trust the header from the upload).  
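As an added example (not part of the wiki page), the three bullets above carried through for PNG uploads in pure Python: the content type is taken from magic bytes rather than the upload header, the dimensions from the parsed IHDR, and the file is rewritten with only the critical chunks kept so that ancillary chunks such as tEXt are stripped. The function names, the constructed sample image and the 50x50 to 200x200 range are assumptions of this example.

```python
import struct
import zlib
PNG_SIG = b"\x89PNG\r\n\x1a\n"
MIN_DIM, MAX_DIM = 50, 200   # allowed dimension range (the page's example values)
KEEP = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}  # critical chunks; everything else is dropped
MAGIC = {PNG_SIG: "png", b"\xff\xd8\xff": "jpeg", b"GIF89a": "gif", b"GIF87a": "gif"}

def _chunk(ctype, body):
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_sample_png(w, h):  # constructed test input, not a real upload
    ihdr = struct.pack(">IIBBBBB", w, h, 8, 6, 0, 0, 0)  # 8-bit RGBA, no interlace
    raw = b"".join(b"\x00" + b"\xff\x00\x00\xff" * w for _ in range(h))  # filter byte + red pixels
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"tEXt", b"Comment\x00<script>alert(1)</script>")
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))

def detect_type(data):
    """Content type from magic bytes, never from the client-supplied name or header."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    raise ValueError("not a recognised image")

def parse_png_chunks(data):
    """Walk the chunk list, verifying lengths and CRCs; any inconsistency rejects the file."""
    pos, chunks = len(PNG_SIG), []
    while pos < len(data):
        # pad a short header so the length check below catches truncation
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8].ljust(8, b"\0"))
        if pos + 12 + length > len(data):
            raise ValueError("truncated chunk %r" % ctype)
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) != crc:
            raise ValueError("bad CRC on chunk %r" % ctype)
        chunks.append((ctype, body))
        pos += 12 + length
    if not chunks or chunks[0][0] != b"IHDR" or chunks[-1][0] != b"IEND":
        raise ValueError("missing IHDR/IEND")
    return chunks

def verify_upload(data):
    """Return (extension, width, height, rewritten_bytes) or raise ValueError."""
    if detect_type(data) != "png":          # other formats would need their own parser
        raise ValueError("only PNG is handled in this example")
    chunks = parse_png_chunks(data)
    w, h = struct.unpack(">II", chunks[0][1][:8])
    if not (MIN_DIM <= w <= MAX_DIM and MIN_DIM <= h <= MAX_DIM):
        raise ValueError("dimensions %dx%d outside %d-%d" % (w, h, MIN_DIM, MAX_DIM))
    rewritten = PNG_SIG + b"".join(_chunk(t, b) for t, b in chunks if t in KEEP)
    return ".png", w, h, rewritten
```

The stored extension comes from the detected type and the stored bytes from the rewrite, so neither the claimed filename nor the embedded text chunk reaches disk.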