Test Upload of Unexpected File Types
OWASP
OWASP Web Security Testing Guide 4.2 > 10. Business Logic Testing > 10.8. Test Upload of Unexpected File Types
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
10.8 | WSTG-BUSL-08 | Test Upload of Unexpected File Types | - Review the project documentation for file types that are rejected by the system.<br>- Verify that unwelcome file types are rejected and handled safely. Also check whether the website validates only the "Content-Type" header or the file extension.<br>- Verify that batch file uploads are secure and do not allow any bypass of the security measures in place. |
See my notes on Arbitrary File Upload
Last update: 2024-04-03 Created: December 27, 2023 10:52:37