Exclude unverifiable files
Binary and other types of files, which are often not audited for security purposes, should not be stored in the source code repository.
Binary files are usually larger than their source counterparts, which over time degrades repository performance. Changes to them are hard for version control tools to track and carry no meaning for a reviewer. Furthermore, security audits of binary files are more complicated or simply not performed, so they can hide serious problems such as backdoors, rootkits and exposed sensitive information.
This requirement is verified in the following services:
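A check that enforces this requirement from a pre-commit hook or CI job, added here as an example (not Fluid Attacks' code): it flags staged files that are binary by the same NUL-byte heuristic git uses, or that carry a well-known binary extension. The sample file set is constructed for illustration; the git commands are only used when the script runs as a hook.

```python
"""Flag unverifiable (binary) files before they enter the repository."""
import subprocess
import sys
from pathlib import PurePosixPath

# Extensions that are always rejected, even if the blob happens to have no NUL byte.
BINARY_EXTENSIONS = {".exe", ".dll", ".so", ".dylib", ".jar", ".war", ".class",
                     ".pyc", ".bin", ".zip", ".tar", ".gz", ".7z"}
SAMPLE_WINDOW = 8000  # git inspects the first 8000 bytes for a NUL to classify a blob

# Constructed sample blobs (not real files): source text, UTF-8 docs, and binaries.
SAMPLE_FILES = {
    "src/main.py": b"print('hello')\n",
    "docs/README.md": "# Docs \u00e9\n".encode("utf-8"),
    "vendor/libcrypto.so": b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16,
    "tools/helper": b"MZ\x90\x00\x03\x00\x00\x00",   # no extension, but a PE header
    "build/app.jar": b"PK\x03\x04" + b"\x00" * 4,
}


def is_binary_blob(data: bytes) -> bool:
    """Git's heuristic: a NUL byte in the head of the blob means binary.
    Caveat: UTF-16 text also contains NULs and will be flagged; store UTF-8."""
    return b"\x00" in data[:SAMPLE_WINDOW]


def flag_unverifiable(files: dict) -> list:
    """Return the sorted paths that must not be committed."""
    flagged = []
    for path, content in files.items():
        ext = PurePosixPath(path).suffix.lower()
        if ext in BINARY_EXTENSIONS or is_binary_blob(content):
            flagged.append(path)
    return sorted(flagged)


def staged_files() -> dict:
    """Read the staged (added/modified) blobs from git; used only as a hook."""
    names = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=AM"],
                           capture_output=True, text=True, check=True).stdout.split()
    return {n: subprocess.run(["git", "show", f":{n}"], capture_output=True,
                              check=True).stdout for n in names}


if __name__ == "__main__":
    bad = flag_unverifiable(staged_files())
    for p in bad:
        print(f"refusing to commit unverifiable file: {p}")
    sys.exit(1 if bad else 0)  # non-zero exit blocks the commit / fails the CI step
```

Wire it up as `.git/hooks/pre-commit` or as a CI step; text files with non-ASCII content pass, while extensionless binaries are still caught by content.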
- OWASP-M TOP 10-M10. Extraneous functionality threat agents
- MITRE ATT&CK®-M1013. Application developer guidance
- CMMC-SI_L1-3_14_5. System & file scanning
- HITRUST CSF-09_h. Capacity management
- ISO/IEC 27002-8_28. Secure coding
- WASC-W_01. Insufficient authentication
- NIST SSDF-PS_3_1. Archive and protect each software release
- ISSAF-P_6_16. Host security - Linux security (file and directory permission attacks)
- OWASP ASVS-8_3_5. Sensitive private data
- ISO/IEC 27001-8_28. Secure coding
- CASA-8_3_5. Sensitive Private Data
- 117. Unverifiable files
- 298. Authentication mechanism absence or evasion - Redirect
- 299. Authentication mechanism absence or evasion - JFROG
- 300. Authentication mechanism absence or evasion - Azure
- 365. Authentication mechanism absence or evasion - Response tampering
- 370. Authentication mechanism absence or evasion - Security Image