Description: Episerver has out-of-the-box field validation for file type, file size, and number of files uploaded, but it does not check a file's magic number (signature). This article contains recommendations for additional magic number file upload security.

Resolution: Process application requests in global.asax and validate upload requests at that point.
The supported file extensions in Episerver can be seen here.
Find a database of signature codes (that is up-to-date) and build a d...
Description: This article describes the step needed to set the secure flag on the Episerver login cookie.

Resolution: Setting “requireSSL” on the EPiServer login form in the web.config resolves the issue.
<forms name=".EPiServerLogin" loginUrl="Util/login.aspx" timeout="120" defaultUrl="~/" requireSSL="true" />