Full Disclosure mailing list archives

Re: ASHX, ASMX or What?


From: Nahuel Grisolia <nahuel () bonsai-sec com>
Date: Fri, 24 Jun 2011 13:47:28 -0300

Chris,

On 06/24/2011 01:37 PM, Christian Sciberras wrote:
> You shouldn't filter against known files, but do the reverse, you should
> filter against known good files.
>
> Oh and the medium you decide to throw this data should have special checks
> against execution etc...


Yep! I know that, "yes to white lists" and "avoid the use of black
lists", and other stuff related to a secure file uploader, but the
filter I'm trying to bypass is like the one I described.

Anyway, thanks for your quick response!

Regards,
-- 
Nahuel Grisolia - C|EH
Information Security Consultant
Bonsai Information Security Project Leader
http://www.bonsai-sec.com/
(+54-11) 4777-3107

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
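
The "known good files" approach from the quoted reply, as an added example (not code from either poster): accept only the extensions the application needs and store the file under a server-generated name. The extension set, `UPLOAD_DIR` and `safe_upload_path` are assumptions for illustration, and Python is used only to keep the logic runnable.

```python
import os
import secrets

# Assumption: this application only needs to accept images and PDFs.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}
# Assumption: a directory outside the web root, served as static data only.
UPLOAD_DIR = "/srv/uploads-noexec"


def safe_upload_path(client_filename):
    """Return a server-chosen storage path, or None if the upload is refused."""
    # Keep only the last path component, whichever separator the client sent.
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Refuse NUL bytes, NTFS stream syntax (':'), and trailing dots or
    # spaces, which Windows silently strips when the file is written.
    if "\x00" in name or ":" in name or name != name.rstrip(". "):
        return None
    stem, ext = os.path.splitext(name.lower())
    # Allow-list check: anything not explicitly known good is refused,
    # so .ashx, .asmx, .config and future handler types need no entry.
    if not stem or ext not in ALLOWED_EXTENSIONS:
        return None
    # Never reuse the client's name on disk: random stem, vetted extension.
    return os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ext)
```

The second point in the quoted reply still applies: the storage location itself has to be configured so the server never executes what lands there, which this function cannot enforce.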

