Recently we have had several inquiries into the risks surrounding uploading files. Here is how you can think about this risk:
File uploads have become a critical feature of today's applications, and therefore a critical concern for application security. As the availability of people and systems remains essential to business operations, file upload usage will continue to grow, as will the features these upload facilities offer. Allowing end users to upload files to websites such as social networking sites, blogs, forums, e-banking sites, video blogs, or corporate support portals lets them share files efficiently with corporate employees. Users of these sites are allowed to upload images, videos, avatars and many other types of files, and every one of these upload paths opens a door for a malicious user to compromise your server.
The more access an application gives the end user, the greater the risk of a vulnerable web application, and the higher the chance that such functionality will be abused by malicious users to gain access to a specific website or to compromise a server.
It is, therefore, imperative that proper risk management be applied, and that security access controls and policies be implemented, to maximize the benefits while minimizing the risks associated with such features.
The following is a list of best practices that should be enforced whenever file uploads are allowed on websites or other applications. These practices will help you secure the file upload forms used in web applications. A few of the recommended practices include:
• Store uploaded files in a directory outside the web server's document root, so the server does not serve or execute them directly as web content.
• Prevent overwriting of existing files (this blocks the .htaccess overwrite attack).
• Create a list of accepted MIME types, and map the permitted file extensions from those MIME types rather than trusting the extension the client supplies.
• Generate a random file name and append the extension derived in the previous step.
• Don't rely on client-side validation only, since it is not enough on its own: anyone who controls the client can bypass it. Ideally, both server-side and client-side validation should be implemented.
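The practices above, put together as one server-side handler in an added example (this is illustrative code written for this post, not a library or a product's own implementation). The function names, the MIME-type-to-extension table, the leading-bytes check and the temporary directory standing in for a location outside the web root are all assumptions chosen for the demonstration.

```python
import os
import secrets
import tempfile

# Accepted MIME types mapped to the extension the server itself assigns.
# The client-supplied filename and extension are never trusted.
ALLOWED_MIME_TYPES = {
    "image/png": ".png",
    "image/jpeg": ".jpg",
    "application/pdf": ".pdf",
}
# Leading bytes real files of each type begin with, so the declared MIME
# type is checked against the content instead of being taken on trust.
MAGIC_BYTES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}

def validate_upload(content: bytes, declared_mime: str) -> str:
    """Server-side checks; returns the extension to assign or raises ValueError."""
    ext = ALLOWED_MIME_TYPES.get(declared_mime)
    if ext is None:
        raise ValueError(f"rejected: MIME type {declared_mime!r} not accepted")
    if not content.startswith(MAGIC_BYTES[declared_mime]):
        raise ValueError("rejected: content does not match declared MIME type")
    return ext

def store_upload(content: bytes, declared_mime: str, upload_dir: str) -> str:
    """Write the upload under a random name in upload_dir (a directory outside
    the web root). O_EXCL makes the create fail rather than overwrite a file."""
    ext = validate_upload(content, declared_mime)
    path = os.path.join(upload_dir, secrets.token_hex(16) + ext)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path

def run_demo() -> dict:
    """Constructed sample uploads: a valid PNG and a script declared as PNG."""
    upload_dir = tempfile.mkdtemp()  # stands in for a directory outside the web root
    stored = store_upload(MAGIC_BYTES["image/png"] + b"\x00" * 10, "image/png", upload_dir)
    try:
        store_upload(b"<?php /* not a PNG */ ?>", "image/png", upload_dir)
        verdict = "accepted"
    except ValueError as exc:
        verdict = str(exc)
    return {"stored_ext": os.path.splitext(stored)[1], "stored_dir": os.path.dirname(stored),
            "upload_dir": upload_dir, "disguised": verdict}
```

The original client filename is never used for the stored path, so a name such as `shell.php` or `../../.htaccess` has no effect on where or under what extension the file lands.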
As the practices above suggest, there are many ways a malicious user can try to bypass file upload form security. For this reason, when implementing a file upload form in a web application, make sure to follow the correct security guidelines and test them properly. Enterprises considering the use of file uploads in their environment should weigh the benefits the technology can offer against the additional risks that are incurred. Once benefits and risks are understood, businesses should use a governance framework to ensure that process and policy changes are implemented and understood, and that appropriate levels of security are applied to prevent data loss.
If you have additional questions regarding Secure Development Lifecycle contact Karl Kispert at karl.kispert@aujas.com.