Tag
file-upload
Safeguard articles tagged "file-upload" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Application Security
Preventing path traversal in Node.js file upload and serving code
path.join() doesn't stop ../../etc/passwd — CVE-2024-12905 and Zip Slip show why Node.js needs explicit containment checks, not just path normalization.
Jul 14, 20266 min read
Web Security
File Upload Vulnerability Prevention: A Practical Guide
File upload functionality is one of the most dangerous features in web applications. This guide covers the attack vectors, bypass techniques, and layered defenses needed to handle file uploads securely.
May 5, 20227 min read