Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec: Re: Content monitorting in Application Security

Re: Content monitorting in Application Security

From: Ivan Ristic <ivanr_at_webkreator.com>
Date: Mon, 10 Jan 2005 16:16:42 +0000

Ofer Shezaf wrote:
>
> Do you think that matching extension and content type header would be
> enough? If no, are you aware of any technology to determine a file type
> according to its content?

   No. The extension and the content type are provided by the client,
   therefore they cannot be trusted. You have to look into the file
   to verify it.

-- 
Ivan Ristic (http://www.modsecurity.org)

Received on Jan 10 2005

This message: [ Message body ]
Next message: Jeremiah Grossman: "Re: Content monitorting in Application Security"
Previous message: Kartik Trivedi: "Google Hacking and SiteDigger 2.0"
In reply to: Ofer Shezaf: "RE: Content monitorting in Application Security"
Next in thread: Jeremiah Grossman: "Re: Content monitorting in Application Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]