.NET Daily

Passive Security Tip: Deny Unused file extensions in an ASP.NET website

Introduction

Darius

Darius

Darius Dumitrescu is a creative Senior CMS Consultant with in depth .NET knowledge, focused on Web Development and Architecture Design.


LATEST POSTS

Tips for Effective IT Projects Estimates 23rd December, 2017

Tips about Project Status Reports 05th October, 2017

ASP.net

Passive Security Tip: Deny Unused file extensions in an ASP.NET website

Posted on .

There are cases when for example due to poor form validation, an attacker can upload a .bat file instead of a picture on a form and after that can execute the malicious .bat file via URL.

Remedy

ASP.NET allows developers to specify in the web.config file certain file or services extensions that they won’t be used in the application.

Below you have an example of the web.config section where you can specify the banned extensions:

Darius

Darius

Darius Dumitrescu is a creative Senior CMS Consultant with in depth .NET knowledge, focused on Web Development and Architecture Design.

There are no comments.

View Comments (0) ...
Navigation