Full Disclosure mailing list archives
Re: ASHX, ASMX or What?
From: Nahuel Grisolia <nahuel () bonsai-sec com>
Date: Fri, 24 Jun 2011 13:47:28 -0300
Chris,

On 06/24/2011 01:37 PM, Christian Sciberras wrote:
> You shouldn't filter against known files, but do the reverse, you should
> filter against known good files. Oh and the medium you decide to throw
> this data should have special checks against execution etc...

Yeap! I know that, "yes to white lists" and "avoid the use of black lists", and other stuff related to a secure file up-loader, but the filter I'm trying to bypass is like the one I described.

Anyway, thanks for your quick response!

Regards,

--
Nahuel Grisolia - C|EH
Information Security Consultant
Bonsai Information Security
Project Leader
http://www.bonsai-sec.com/
(+54-11) 4777-3107