Kirk Jackson presented at the 2011 OWASP NZ Day. The talk was titled "File Uploads are EVIL!".
Allowing users to upload files to your website and later download them is complicated to get right. In this talk, Kirk tried to distill some of the knowledge and experience collected during penetration testing of client applications and give advice on how to safely receive, store and return user-generated files.
Download the whitepaper: OWASP_NZDay_2011_KirkJackson_FileUploadConsiderations.pdf