Sanitizing image and PDF files prior to upload
Does your site allow file uploads of any sort? PDFs? JPEGs? Anything whatsoever?
All of these file formats are notorious for allowing malware to piggyback on them (a technique known as steganography).
How do you protect your file uploads? How do you think a service like Facebook or Pinterest allows millions of file uploads every day – knowing that these could contain malware?
One alternative is to check your files for malware WHILE uploading – i.e. as part of the upload process, subject them to a scan of some sort.
Metascan is one such service – if you use their file upload in your web app, you can check images, PDFs, etc. for malware.
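As an added example (not from the original post, and not Metascan's API), here is the kind of structural pre-check an upload handler can run before handing a file to a malware scanner: it confirms the content matches the declared type, flags bytes piggybacked after the format's end marker, and flags active content in PDFs. The function names, the allow-list and the sample byte strings are assumptions made for illustration.

```python
# Hypothetical helper names; heuristic checks that complement a malware scan.
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
         "png": b"\x89PNG\r\n\x1a\n", "pdf": b"%PDF-"}
# PDF name tokens that indicate active content worth holding for review.
PDF_ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile")

def trailing_bytes(data: bytes, kind: str) -> int:
    """Non-whitespace bytes after the last end marker; -1 if no marker exists."""
    if kind in ("jpg", "jpeg"):
        end, size = data.rfind(b"\xff\xd9"), 2   # JPEG EOI marker
    elif kind == "png":
        end, size = data.rfind(b"IEND"), 8       # chunk type plus 4-byte CRC
    else:
        end, size = data.rfind(b"%%EOF"), 5      # PDF end-of-file comment
    if end < 0:
        return -1
    return len(data[end + size:].strip(b"\r\n \t"))

def inspect_upload(data: bytes, filename: str) -> list[str]:
    """Return findings; an empty list means the file may go on to the scanner."""
    kind = filename.rsplit(".", 1)[-1].lower()
    if kind not in MAGIC:
        return [f"extension .{kind} is not on the allow-list"]
    findings = []
    if not data.startswith(MAGIC[kind]):
        findings.append("content does not match the declared type")
    extra = trailing_bytes(data, kind)
    if extra < 0:
        findings.append("end-of-file marker missing")
    elif extra > 0:
        findings.append(f"{extra} bytes appended after the end-of-file marker")
    if kind == "pdf":
        findings += [f"active PDF content: {t.decode()}" for t in PDF_ACTIVE if t in data]
    return findings

# Constructed samples (not real files): minimal byte strings with valid markers.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
PIGGYBACK_JPEG = CLEAN_JPEG + b"PK\x03\x04 constructed appended archive"
SCRIPTED_PDF = b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for name, blob in [("clean.jpg", CLEAN_JPEG), ("odd.jpg", PIGGYBACK_JPEG),
                       ("form.pdf", SCRIPTED_PDF)]:
        print(name, inspect_upload(blob, name) or "no findings")
```

A file with findings is better rejected or quarantined than silently accepted; a file without findings has only passed these structural checks and still needs the malware scan.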