.NET Daily

Passive Security Tip: Deny Unused file extensions in an ASP.NET website

Introduction

Darius

Darius

Darius Dumitrescu is a creative Senior CMS Consultant with in depth .NET knowledge, focused on Web Development and Architecture Design.


LATEST POSTS

My View of a JIRA Workflow for Web Development 17th April, 2018

How To Solve: SQL Server detected a logical consistency-based I/O error: invalid protection option. 19th March, 2018

ASP.net

Passive Security Tip: Deny Unused file extensions in an ASP.NET website

Posted on .

There are cases when for example due to poor form validation, an attacker can upload a .bat file instead of a picture on a form and after that can execute the malicious .bat file via URL.

Remedy

ASP.NET allows developers to specify in the web.config file certain file or services extensions that they won’t be used in the application.

Below you have an example of the web.config section where you can specify the banned extensions:

Darius

Darius

Darius Dumitrescu is a creative Senior CMS Consultant with in depth .NET knowledge, focused on Web Development and Architecture Design.

There are no comments.

View Comments (0) ...
Navigation