Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Content monitorting in Application Security

from [Martin Mačok] Network Security [Permanent Link]
Subject: Re: Content monitorting in Application Security
Date: Mon, 10 Jan 2005 10:35:58 +0100 
On Sun, Jan 09, 2005 at 04:22:35PM -0500, Ofer Shezaf wrote:


Do you think that matching extension and content type header would be
enough? If no, are you aware of any technology to determine a file type
according to its content?


Name        : file
URL         : ftp://ftp.gw.com/mirrors/pub/unix/file/
Summary     : A utility for determining file types.

Description :
The file command is used to identify a particular file according to the
type of data contained by the file.  File can identify many different
file types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.

% file *.*
activity.png:           PNG image data, 598 x 639, 8-bit/color RGB, 
non-interlaced
apache_chunked.nasl:    ISO-8859 English text
eicar.com:              ASCII text, with no line terminators
hadi.scr:               MS Windows PE 32-bit Intel 80386 GUI executable
hadi.zip:               Zip archive data, at least v2.0 to extract
japanesesubway.wmv:     Microsoft ASF
jihlava-praha.ps:       PostScript document text conforming at level 3.0
music.mp3:              MP3 file with ID3 version 2.3.0 tag
Ricany-info.pdf:        PDF document, version 1.4
ssl-lwp.pl:             a /usr/bin/perl -w script text executable
upgrade.sh:             Korn shell script text executable


Martin Mačok
ICT Security Consultant
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Content monitorting in Application Security, Ofer Shezaf
Next by Date:  Re: How to list all the URLs on a web server, PCSage Information Services
Previous by Thread:  RE: Content monitorting in Application Security, Ofer Shezaf
Next by Thread:  RE: Content monitorting in Application Security, Antoine Martin
Indexes:  [Date] [Thread] [Top] [All Lists]