Scan files for malicious code
Summary
The system must validate that the content of the files transferred to it is free of malicious code.
Description
This requirement refers to a cybersecurity control that implements mechanisms to regularly inspect files for the presence of malicious code or malware. The control helps to identify and mitigate potential security threats, since malicious code can pose significant risks to the security of a system.
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Essential | 🟢 |
| Advanced | 🟢 |
References
- CAPEC™-17. Using malicious files
- CAPEC™-23. File content injection
- CAPEC™-165. File manipulation
- CAPEC™-549. Local execution of code
- CIS-2_5. Allowlist authorized software
- CWE™-509. Replicating malicious code (virus or worm)
- CWE™-749. Exposed dangerous method or function
- NERC CIP-003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation
- MITRE ATT&CK®-M1016. Vulnerability scanning
- MITRE ATT&CK®-M1049. Antivirus/antimalware
- SANS 25-10. Unrestricted upload of file with dangerous type
- CMMC-MA_L2-3_7_4. Media inspection
- CMMC-RA_L2-3_11_2. Vulnerability scan
- CMMC-SI_L1-3_14_2. Malicious code protection
- CMMC-SI_L1-3_14_5. System & file scanning
- HITRUST CSF-09_j. Controls against malicious code
- FedRAMP-CA-2_2. Security assessment - Specialized assessments
- FedRAMP-RA-5. Vulnerability scanning
- FedRAMP-SI-3. Malicious code protection
- ISA/IEC 62443-SI-3_2. Malicious code protection
- WASSEC-6_2_4_10. Command execution - Potential malicious file uploads
- OSSTMM3-11_3_1. Data networks security (active detection verification) - Filtering
- NIST SSDF-PS_3_1. Archive and protect each software release
- ISSAF-J_4. Network security - Anti-virus system (objective)
- ISSAF-Q_16_27. Host security - Windows security (DLL injection attack)
- OWASP SCP-12. File management
- OWASP ASVS-10_2_1. Malicious code search
- OWASP ASVS-10_2_6. Malicious code search
- CWE TOP 25-434. Unrestricted upload of file with dangerous type
Vulnerabilities
- 027. Insecure file upload
- 354. Insecure file upload - Files Limit
- 413. Insecure file upload - DLL Injection
- 424. Sideloaded