Test Upload of Malicious Files

OWASP

OWASP Web Security Testing Guide 4.2 > 10. Business logic Testing > 10.9. Test Upload of Malicious Files

| ID | Link to Hackinglife | Link to OWASP | Description |
|---|---|---|---|
| 10.9 | WSTG-BUSL-09 | Test Upload of Malicious Files | - Identify the file upload functionality.<br>- Review the project documentation to identify what file types are considered acceptable, and what types would be considered dangerous or malicious.<br>- If documentation is not available, then consider what would be appropriate based on the purpose of the application.<br>- Determine how the uploaded files are processed.<br>- Obtain or create a set of malicious files for testing.<br>- Try to upload the malicious files to the application and determine whether they are accepted and processed. |

See my notes on Arbitrary File Upload

Last update: 2024-04-03
Created: December 27, 2023 10:52:37