Compare file format and extension
Summary
The system must validate that the format (structure) of the files corresponds to their extension.
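A minimal form of the check this requirement describes, comparing a file's leading bytes against the format its extension claims. This is an added example, not code from the original page; the signature table and the function names are assumptions chosen for illustration.

```python
# Added example: reject an upload when its content structure (magic bytes)
# does not match the format implied by its extension. The signature table
# is a small, hand-built subset; real systems would parse the format fully.
from pathlib import Path
from typing import Optional, Tuple

# Magic bytes keyed by the extension a client is allowed to claim.
# A format with several valid headers lists all of them.
SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
# Number of bytes that must be read to test every signature above.
MAX_HEADER = max(len(s) for sigs in SIGNATURES.values() for s in sigs)


def detect_format(header: bytes) -> Optional[str]:
    """Return the extension whose signature matches the header, else None."""
    for ext, sigs in SIGNATURES.items():
        if any(header.startswith(s) for s in sigs):
            return ext
    return None


def validate_upload(filename: str, header: bytes) -> Tuple[bool, str]:
    """Accept only if the claimed extension is allowed AND the content
    structure matches it. Returns (accepted, reason)."""
    ext = Path(filename).suffix.lower().lstrip(".")
    if ext not in SIGNATURES:
        return False, f"extension .{ext or '<none>'} is not allowed"
    detected = detect_format(header[:MAX_HEADER])
    if detected is None:
        return False, "content does not match any allowed format"
    # jpg and jpeg share a signature, so compare signatures, not names.
    if SIGNATURES[detected] != SIGNATURES[ext]:
        return False, f"extension .{ext} does not match content ({detected})"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers, not real uploads.
    print(validate_upload("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00"))
    print(validate_upload("photo.png", b"\xff\xd8\xff\xe0\x00\x10JFIF"))
```

A matching prefix only shows the file starts like the claimed format; a stricter implementation would also parse the whole structure with a format-specific library before accepting the file.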
Description
empty
Supported In
This requirement is verified in the following services

| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References
- CAPEC™-11. Cause web server misclassification
- CAPEC™-165. File manipulation
- CWE™-434. Unrestricted upload of file with dangerous type
- CWE™-646. Reliance on file name or extension of externally-supplied file
- SANS 25-10. Unrestricted Upload of File with Dangerous Type
- WASSEC-6_2_4_10. Command execution - Potential malicious file uploads
- NIST SSDF-PS_3_1. Archive and protect each software release
- ISSAF-J_7_3_5. Network security - Anti-virus system (methodology)
- ISSAF-Q_16_27. Host security - Windows security (DLL injection attack)
- OWASP SCP-12. File management
- CWE TOP 25-434. Unrestricted upload of file with dangerous type
- NIST 800-115-3_6. File integrity checking
- OWASP ASVS-12_5_1. File download
- OWASP ASVS-12_5_2. File download
Vulnerabilities
- 027. Insecure file upload
- 354. Insecure file upload - Files Limit
- 413. Insecure file upload - DLL Injection