Elbsides 2025

Sewar Khalifeh

Sewar Khalifeh is a cybersecurity consultant specializing in Secure by Design principles, with over three years of experience in the banking and telecommunications industries. She currently works as a Secure by Design consultant for CLOUDYRION, conducting security assessments for cloud and hybrid solutions and leading security initiatives that push digital transformation journeys forward.

Holding multiple certifications, including ECIH, CEH, and OCI Security Professional, she is passionate about advocating for security best practices and sharing insights through workshops and community engagements.


Session

06-13
11:15
30min
From Unrestricted Uploads to Security Nightmares: Preventing and Mitigating File Upload Vulnerabilities
Sewar Khalifeh

Unrestricted file uploads pose a significant threat to application security, allowing attackers to exploit various vulnerabilities and gain unauthorised access to systems and data. Risks associated with unrestricted file uploads include triggering vulnerabilities in the libraries or applications that process the uploaded files, abusing real-time security tools, executing malicious code, and gaining unauthorised access to sensitive files. In addition to the standard security best practices for file uploads, such as restricting file size, types, and extensions, experts recommend further controls to validate files and strengthen protection: Content Disarm and Reconstruction (CDR), multi-AV scanning, sandboxing, and single-AV scanning. The aim of this presentation is to provide a detailed walkthrough of the risks and attacks associated with unrestricted file upload vulnerabilities, review the protective technologies available, outline proper mitigation strategies, and give practical examples of how to secure your environment against malicious uploads.
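As an added illustration of the baseline controls the abstract lists (size cap, extension allowlist, type validation) and of why an extension check alone is not enough, here is a minimal server-side upload screen. This is example code written for this page, not material from the talk or from CLOUDYRION; the 5 MiB limit, the allowed types, and the `screen_upload` name are assumptions chosen for the demo, and the sample inputs are constructed. Scanning with AV, CDR or a sandbox would sit downstream of this check, keyed on the returned SHA-256.

```python
"""Added example: server-side screening of an uploaded file.

Applies the controls named in the abstract (size cap, extension allowlist,
content validation) and stores under a server-chosen name. Example code,
not from the talk; policy values below are assumptions.
"""
import hashlib
import os
import secrets
from typing import Optional

MAX_BYTES = 5 * 1024 * 1024  # assumed policy: 5 MiB per upload

# Extension allowlist mapped to the magic bytes the content must begin with.
# Extend this deliberately in code, never from request data.
ALLOWED_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


def _client_extension(filename: str) -> Optional[str]:
    """Final extension of the client-supplied name, after dropping any path
    components it tried to smuggle in. None if the name is unusable."""
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or "\x00" in base or "." not in base:
        return None
    return base.rsplit(".", 1)[1].lower()


def screen_upload(filename: str, data: bytes) -> dict:
    """Decide whether to accept an upload.

    Returns a dict with 'accepted' and, on rejection, a 'reason'; on
    acceptance it adds a server-chosen 'stored_name' and the SHA-256 to hand
    to downstream AV / CDR / sandbox processing.
    """
    def reject(reason: str) -> dict:
        return {"accepted": False, "reason": reason}

    if not data:
        return reject("empty file")
    if len(data) > MAX_BYTES:
        return reject("exceeds size limit")

    ext = _client_extension(filename)
    if ext is None:
        return reject("unusable filename")
    if ext not in ALLOWED_SIGNATURES:
        return reject(f"extension .{ext} not allowed")
    # The extension alone proves nothing: a script renamed to .png passes an
    # extension filter, so the leading bytes must match the claimed type.
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        return reject("content does not match extension")

    # Never store under the client's name. A random name defeats path
    # traversal, collisions, and double-extension names such as x.php.png
    # on servers that evaluate every extension in a filename.
    return {
        "accepted": True,
        "reason": None,
        "stored_name": f"{secrets.token_hex(16)}.{ext}",
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real uploaded files.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    php = b"<?php phpinfo(); ?>"
    for name, blob in [
        ("cat.png", png),                         # accepted
        ("shell.php", php),                       # extension not allowed
        ("shell.png", php),                       # magic bytes mismatch
        ("../../var/www/shell.php.png", png),     # accepted, path stripped
        ("big.png", png + b"\x00" * MAX_BYTES),   # over the size cap
    ]:
        print(name, "->", screen_upload(name, blob))
```

Note that the third case is the one a pure extension allowlist misses; the fourth is accepted only because the file really is a PNG, and the stored name carries neither the client's path nor the embedded `.php`.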

Elbkuppel