
Securing file upload
👋 Hello technical folks ~
File uploads have become an essential feature for many web applications, allowing users to share documents, images, and videos from their own devices anytime and anywhere. However, this convenience comes with significant security risks if uploads are not managed properly!
File upload vulnerabilities can open the door to a variety of attacks. Ever wondered how websites handle file uploads from users securely? In this article, we will share why file upload security matters, the common threats, and the best practices for ensuring secure file handling.
Common Threats
Malicious Files and Malware
Malicious actors may upload files containing scripts or malware (e.g., viruses, ransomware) to infect your system or other users’ devices. If these files are executed or opened without verification, they can lead to exposure of sensitive data or even compromise of your server. Attackers may also disguise these files using techniques such as spoofing their extensions or metadata.
Denial of Service (DoS)
Uploading extremely large files or sending numerous file upload requests in a short span can overwhelm a server, leading to a denial-of-service attack. Malicious actors can abuse this to overload your system, making the application unavailable to other users.
Best Practices for File Upload
Set Requirements
Before we even start to code this feature into our application, we have to ask ourselves questions such as: what is the expected file format, what is the average file size for this document, and how often do we expect users to upload? This helps us design our defence mechanism without compromising user experience. If we are only expecting .pdf and .docx files from our users, a whitelist of allowed extensions will help prevent malicious content from being uploaded.
For more information about setting requirements for file upload, refer to our previous article.
Implement Verification
Our next line of defence is to have both client-side and server-side verification. Client-side verification provides real-time feedback to our users by checking files before they are sent to the server. Server-side verification then checks again to ensure only allowed files can be successfully uploaded. Because client-side verification can be bypassed easily, it is essential to have both in place.
Also, serialise or randomise file names to remove any special characters or control sequences that could be exploited for injection attacks.
Quarantine until verified safe
It is also good practice to quarantine the file in a separate workflow until we can determine it is safe to be processed by any downstream system. Files at this point should also be scanned for malware to further minimise the risk of a malicious file slipping through.
Also, apply the principle of least privilege by assigning read-only access and storing uploaded files in non-executable directories, so that uploaded files never have execution permission.
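As an added example (not code from the article or from Team Merlin), here are the server-side steps above combined into one Python module: the .pdf/.docx whitelist from the Set Requirements step, a size cap and a leading-bytes check to catch a renamed file (the cap value and the content check are assumptions the article does not specify), a randomised file name, and read-only storage in a quarantine directory.

```python
import os
import secrets
import tempfile

# Policy from the "set requirements" step: the article's .pdf/.docx
# allowlist plus an assumed size cap (the article states no number).
ALLOWED_EXTENSIONS = {".pdf", ".docx"}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
# Bytes each type must start with; catches a renamed file. DOCX is a ZIP.
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04"}

class UploadRejected(ValueError):
    """Raised when a file fails a server-side check."""

def validate_upload(original_name: str, data: bytes) -> str:
    """Return "" if the file passes every check, else the rejection reason."""
    if len(data) > MAX_UPLOAD_BYTES:
        return "file too large"
    # Only the extension of the client-supplied name is ever used.
    ext = os.path.splitext(os.path.basename(original_name))[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return f"extension {ext!r} not allowed"
    if not data.startswith(MAGIC[ext]):
        return "content does not match extension"
    return ""

def quarantine_upload(original_name: str, data: bytes, quarantine_dir: str) -> str:
    """Validate, then store under a random read-only name in the quarantine dir."""
    reason = validate_upload(original_name, data)
    if reason:
        raise UploadRejected(reason)
    ext = os.path.splitext(original_name)[1].lower()
    dest = os.path.join(quarantine_dir, secrets.token_hex(16) + ext)
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it private.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(dest, 0o400)  # read-only afterwards; no execute bit is ever set
    return dest

def demo() -> tuple:
    """Store a constructed PDF, then try a renamed non-PDF; return both outcomes."""
    qdir = tempfile.mkdtemp()
    stored = quarantine_upload("report.pdf", b"%PDF-1.7\n%constructed sample\n", qdir)
    try:
        quarantine_upload("renamed.pdf", b"not really a pdf", qdir)
    except UploadRejected as exc:
        return stored, str(exc)
    return stored, ""
```

Calling demo() returns the quarantine path of the accepted file and the rejection reason for the renamed one; in production the size limit should also be enforced by the web server before the request body is buffered, so the DoS case never reaches this code.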
By understanding the threats posed by file uploads and implementing best practices such as client and server-side verification, malware scanning, and privilege controls, we can significantly reduce the risk of exploitation.
Share your experiences with us in the comments section below. Till then, stay safe and keep learning!
🧙🏼♀ Team Merlin 💛
Application security is not any individual’s problem but a shared responsibility.
Securing file upload was originally published in Government Digital Products, Singapore on Medium.