Test Upload of Malicious Files
OWASP
OWASP Web Security Testing Guide 4.2 > 10. Business logic Testing > 10.9. Test Upload of Malicious Files
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
10.9 | WSTG-BUSL-09 | Test Upload of Malicious Files | - Identify the file upload functionality.<br>- Review the project documentation to identify what file types are considered acceptable, and what types would be considered dangerous or malicious.<br>- If documentation is not available, consider what would be appropriate based on the purpose of the application.<br>- Determine how the uploaded files are processed.<br>- Obtain or create a set of malicious files for testing.<br>- Try to upload the malicious files to the application and determine whether they are accepted and processed. |
See my notes on Arbitrary File Upload
Last update: 2024-04-03 Created: December 27, 2023 10:52:37