Understanding MIME & Media Type Sniffing: Risks & Prevention 🛡️

Learn how MIME and media type sniffing work, the security vulnerabilities they can cause, and best practices to protect your web applications from related attacks.

Hussein Nasser
26.4K views • Sep 9, 2018

About this video

Any content served through HTTP "should" include metadata about its type, so that the browser/client knows what to do with the content it receives. For example, if the content type header indicates an image the browser will preview it; if it indicates HTML it will render the markup and execute any JavaScript code.

The content type, however, is optional, and webmasters sometimes don't set it, which leaves browsers guessing the type of the content they are consuming. So browsers had to implement parsing and "sniffing" techniques to detect the type of content when a content type header was not served.

However, this caused security problems and attacks that we explain in this video! To prevent sniffing, web servers can return X-Content-Type-Options: nosniff, which opts browsers out of sniffing the content.


Media type: https://en.wikipedia.org/wiki/Media_type#Common_examples


Cheers!
Hussein Nasser
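
An added example (not from the video or its author): a Python WSGI middleware sketching the server-side fix described above. It sets X-Content-Type-Options: nosniff on every response and declares a fallback Content-Type when the application forgot one. The class name, the application/octet-stream fallback and the sample app are assumptions made for illustration.

```python
SNIFF_HEADER = "X-Content-Type-Options"
FALLBACK_TYPE = "application/octet-stream"  # assumption: untyped bodies become opaque downloads


class NoSniffMiddleware:
    """WSGI wrapper: every response declares a type and opts out of sniffing."""

    def __init__(self, app, fallback_type=FALLBACK_TYPE):
        self.app = app
        self.fallback_type = fallback_type

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            return start_response(status, self.harden(status, headers), exc_info)
        return self.app(environ, patched)

    def harden(self, status, headers):
        # Drop any existing copy so the final value is exactly "nosniff".
        out = [(k, v) for k, v in headers if k.lower() != SNIFF_HEADER.lower()]
        has_type = any(k.lower() == "content-type" and v.strip() for k, v in out)
        code = int(status.split()[0])
        bodyless = code < 200 or code in (204, 304)
        if not has_type and not bodyless:
            # Remove an empty Content-Type, then declare the fallback.
            out = [(k, v) for k, v in out if k.lower() != "content-type"]
            out.append(("Content-Type", self.fallback_type))
        out.append((SNIFF_HEADER, "nosniff"))
        return out


def sample_app(environ, start_response):
    # Constructed responses: one typed correctly, one with the header forgotten.
    if environ["PATH_INFO"] == "/logo.png":
        start_response("200 OK", [("Content-Type", "image/png")])
        return [b"\x89PNG\r\n\x1a\n"]
    start_response("200 OK", [])
    return [b"<p>constructed upload</p>"]


def run(app, path):
    """Call a WSGI app in-process (no network); return (status, headers dict)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    for path in ("/logo.png", "/upload/1"):
        print(path, run(NoSniffMiddleware(sample_app), path))
```

The fallback type is a policy choice: declaring untyped content as application/octet-stream makes the browser download it rather than render it.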


Video Information

Views: 26.4K
Likes: 567
Duration: 10:42
Published: Sep 9, 2018
