Exclude unverifiable files
Summary​
Binary and other types of files, which are often not audited for security purposes, should not be stored in the source code repository.
Description​
Binary files usually have a file size greater than their source counterpart, which can eventually affect a repositorys performance. Changes done to them are often hard to track for versioning tools or make no sense for a reviewer. Furthermore, security audits on binary files are more complicated or simply not performed, and these could contain serious vulnerabilities such as backdoors, rootkits and exposed sensitive information.
Supported In​
This requirement is verified in following services:
| Plan | Supported |
|---|---|
| Machine | 🟢 |
| Squad | 🟢 |
References​
- OWASP-M TOP 10-M10. Extraneous functionality threat agents
- MITRE ATT&CK®-M1013. Application developer guidance
- CMMC-SI_L1-3_14_5. System & file scanning
- HITRUST CSF-09_h. Capacity management
- ISO/IEC 27002-8_28. Secure coding
- WASC-W_01. Insufficient authentication
- NIST SSDF-PS_3_1. Archive and protect each software release
- ISSAF-P_6_16. Host security - Linux security (file and directory permission attacks)
- OWASP ASVS-8_3_5. Sensitive private data
- ISO/IEC 27001-8_28. Secure coding
- CASA-8_3_5. Sensitive Private Data
Vulnerabilities​
- 117. Unverifiable files
- 298. Authentication mechanism absence or evasion - Redirect
- 299. Authentication mechanism absence or evasion - JFROG
- 300. Authentication mechanism absence or evasion - Azure
- 365. Authentication mechanism absence or evasion - Response tampering
- 370. Authentication mechanism absence or evasion - Security Image
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.