Test Upload of Unexpected File Types

OWASP

OWASP Web Security Testing Guide 4.2 > 10. Business logic Testing > 10.8. Test Upload of Unexpected File Types

| ID | Link to Hackinglife | Link to OWASP | Description |
|---|---|---|---|
| 10.8 | WSTG-BUSL-08 | Test Upload of Unexpected File Types | - Review the project documentation for file types that are rejected by the system.<br>- Verify that the unwelcome file types are rejected and handled safely. Also, check whether the website only checks the "Content-Type" or the file extension.<br>- Verify that file batch uploads are secure and do not allow any bypass of the set security measures. |
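
As an added example (not part of the original notes or of the OWASP guide), the Python code below shows the server-side behaviour these objectives test for: the extension, the declared Content-Type and the file's leading bytes must all agree, and a batch is rejected if any item fails. The allow-list, function names and sample files are assumptions constructed for illustration.

```python
import os

# Assumed policy: extension -> (expected Content-Type, leading magic bytes)
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}

def validate_upload(filename, declared_type, data):
    """Return (accepted, reason). All three checks must agree."""
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not on allow-list"
    expected_type, magic = ALLOWED[ext]
    # Content-Type is client-supplied: a mismatch is a cheap early reject,
    # but a match proves nothing on its own.
    if declared_type.split(";")[0].strip().lower() != expected_type:
        return False, "declared Content-Type does not match extension"
    # The check that extension-only or Content-Type-only filters skip.
    if not data.startswith(magic):
        return False, "file content does not match declared type"
    return True, "ok"

def validate_batch(files):
    """Apply the same policy to every item; reject the batch on any failure."""
    results = [(f[0],) + validate_upload(*f) for f in files]
    return all(ok for _, ok, _ in results), results

# Constructed sample inputs (not from the original page).
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT = b"#!/bin/sh\necho constructed sample\n"
BATCH = [
    ("photo.png", "image/png", PNG),      # consistent: accepted
    ("report.png", "image/png", SCRIPT),  # passes name and header checks only
    ("notes.sh", "image/png", SCRIPT),    # extension not on allow-list
]

if __name__ == "__main__":
    accepted, results = validate_batch(BATCH)
    for name, ok, reason in results:
        print(f"{name}: {'accept' if ok else 'reject'} ({reason})")
    print("batch accepted:", accepted)
```

A leading-signature match is still only a prefix check, so accepted files should also be stored under a server-generated name outside any location where they could be executed.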

See my notes on Arbitrary File Upload

Last update: 2024-04-03
Created: December 27, 2023 10:52:37