Have a User Upload a File to Be Used on Website
Does your website allow users to upload files? Learn secure file upload best practices and prevent dangerous vulnerabilities and attacks.
Almost every web application accepts user input, and one of the most common types of input is in the form of file uploads. Whether it's a consumer application where users are uploading photos, or a business application that accepts PDFs and Word documents, file uploads are an essential feature. However, they also open up the site to a host of potential risks and vulnerabilities.
Exploited by an attacker, a file upload vulnerability can open up a site to malware, unauthorized server access, attacks on website visitors, the hosting of illegal files, and much more.
Table of Contents
- Types of file upload attacks
- Important questions to ask
- How to secure file uploads
- Option 1: Use a third party system
- Option 2: DIY secure file upload
- How to secure file uploads yourself
- Attack prevention tips
Types of file upload attacks
File upload attacks can be grouped into four categories. When creating a system that accepts files from users, it's important to evaluate the risks associated with each category and add security checks to defend against them:
- File metadata attacks – The path and file name can trick an application into copying the file to an unexpected location that could overwrite an important file and cause unexpected behavior. For example, an attacker could use control characters in the filename to trick the system into overwriting an important configuration file.
- File size attacks – An unexpectedly large file can cause an application to overload or fail. For example, an attacker could use a botnet to trigger the simultaneous uploads of very large (or very small!) files that result in legitimate requests not being fulfilled.
- File content attacks – The content of the file can be used to manipulate the behavior of the application. The outcome of this attack depends entirely on how the file is used and processed. For instance, uploaded and executed malware could be used to reveal a key that gives an attacker access to the system.
- File access attacks – The access rules around uploaded files can be misconfigured, resulting in unauthorized access. For example, a misconfigured AWS S3 bucket could result in private user photos being accessible to the public.
To get a more detailed look into the types of attacks that are possible, this talk by Yahoo security researcher Ebrahim Hegazy goes over 15 common scenarios in exploiting file upload pages.
Important questions to ask yourself
Now that you know what attacks you are up against, it's time to start asking questions about your system. Go through the following checklist of questions to identify potential vulnerabilities and prevent malicious uploaders from exploiting your system. The answers will give you insight into the risks that you are currently facing and help you decide the cost of a project to secure any existing vulnerabilities.
- Which users should have the ability to upload a file?
- Which users should have the ability to read the file?
- Is the file displayed anywhere, and if so, where?
- What kind of files can be uploaded?
- How is the metadata (file name and path) processed by the application?
- Is the file or any part of the file executed, and if so, where?
- What third party libraries interact with the file?
How to secure your file uploads
After you've answered the above questions for your system, or if you are dealing with a project where you are developing a file upload feature from the ground up, there are technical decisions to make. Mainly, deciding whether it is better to use an off-the-shelf system to secure file uploads, or build it in-house.
Option 1: Use a third party system
Using an off-the-shelf file upload system can be a fast way to achieve highly secure file uploads with minimal effort. If there are no special storage requirements or legacy systems to migrate, this option can be a great way for organizations to support file uploads by users, especially if development resources are constrained.
These services usually offer enterprise-grade security with features such as antivirus scanning, user access controls, and well-documented and updated libraries in many common languages. Creating a secure file upload system using a third party is as easy as integrating their JavaScript library into the application's frontend, then using the backend libraries to access the files as necessary by the system.
There are many services on the market that are available for developers. The most popular include:
Filestack – Previously Filepicker.io, Filestack was one of the first popular file uploading services. Since then, they've added advanced enterprise-level features while still maintaining an accessible free plan.
Transloadit – Transloadit offers an open-source uploader widget that can optionally pair with their paid file hosting and processing services.
Cloudinary – Specializing in publishers where uploaded content mostly comes from within the organization, Cloudinary offers an image and video upload service that specializes in advanced transformations.
Uploadcare – A more affordable upstart that provides uploads, media processing, and adaptive delivery for web and mobile.
Third party security considerations
Because a third party is handling the upload, storage, and delivery, the security risks are significantly reduced. Files are no longer saved on your organization's infrastructure and this reduces the chances of a system-wide vulnerability. However, access control to the files and how the files are processed by the system after the upload are still potential risks that must be assessed.
When making the decision to use a third party, there are a couple of important considerations:
Pros of using third party file upload
- Achieve a high level of security that is constantly being improved and updated to reflect the latest best practices
- Reduce monetary and time costs to maintain a system by using a third party that specializes in file uploads
- Increased scalability working with a specialist that powers file uploading for
Cons of using third party file upload
- Less control as you do not have direct access to the infrastructure behind file storage
- Cannot be used for data that must stay on-premises
- Up-front cost to switch to a third party if there is an existing legacy file upload system
Option 2: DIY secure file upload
The other option is to handle file uploads in-house and build protections against the most common vulnerabilities. Choosing an in-house solution is a good option for organizations that have special requirements for their data that prevent third-party vendors from being used (for example, highly sensitive documents). An in-house solution is also a good option if the file upload system is part of a larger legacy system that would make a migration prohibitively expensive.
Pros of DIY File Uploads
- More control and extensibility for custom workflows
- Can be used for on-premises data
Cons of DIY File Uploads
- Security must be constantly updated to reflect new best practices
- More expensive to maintain as it requires in-house expertise
- Harder to scale out since infrastructure needs to be put together from scratch
How to secure file uploads yourself
If you do decide to implement the security yourself, these recommendations will help you avoid the four types of file upload attacks mentioned above:
- Use a whitelist of allowed file types
- Note: Conversely, blacklisting file extensions is not recommended as there are many ways that this weak protection method can be bypassed.
- Verify the file type against the whitelist before upload
- Use input validation to prevent the whitelist from being bypassed using the filename
- Use input validation to prevent the metadata from being exploited. For example, remove any unnecessary metadata such as EXIF information from images and remove control characters from filenames and extensions.
- Remove any unnecessary file evaluation
- Limit the size of the filename
- Limit the size of the file (unexpectedly small files and large files can both be used in denial of service attacks)
- Limit the directory to which files are uploaded
- Scan all files with antivirus software (most commonly ClamAV, an open-source AV engine, or using an API such as AttachmentScanner)
- Name the files randomly or using a hash instead of by the user's input. This will prevent an attacker from scripting access to uploaded files using the file's name as an attack vector.
- Simplify error messages. Remove any directory paths and server configurations from error messages that attackers could use.
- Check the upload directory to make sure the read/write/execute user permissions are correct.
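The checklist above, carried through as one server-side validator. This is an added example, not code from the original post or from Filestack; the allowed types, size limits and upload directory are assumed policy values, and the filename is discarded after validation so that only the generated name ever reaches the disk.

```python
import hashlib
import os
import re
import secrets
from pathlib import Path

# Assumed policy values (constructed for this example, not from the original post).
ALLOWED_TYPES = {
    # extension -> (MIME type, magic-byte prefixes the content must start with)
    "png": ("image/png", [b"\x89PNG\r\n\x1a\n"]),
    "jpg": ("image/jpeg", [b"\xff\xd8\xff"]),
    "pdf": ("application/pdf", [b"%PDF-"]),
}
MIN_SIZE = 16                  # reject empty or near-empty files
MAX_SIZE = 5 * 1024 * 1024     # 5 MiB upper bound
MAX_NAME_LEN = 100
UPLOAD_DIR = Path("/var/app/uploads")   # assumed; keep it outside the web root


class UploadRejected(ValueError):
    """Carries only a short, generic reason: no paths or server details leak."""


def extension_of(user_filename: str) -> str:
    # Drop directory components and control characters before reading the name.
    base = os.path.basename(user_filename.replace("\\", "/"))
    base = re.sub(r"[\x00-\x1f\x7f]", "", base)
    if not base or len(base) > MAX_NAME_LEN:
        raise UploadRejected("invalid filename")
    # Only the last suffix is consulted; the user's name is never reused on disk,
    # and the content must still match the magic bytes for that type.
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("file type not allowed")
    return ext


def validate_upload(user_filename: str, data: bytes) -> tuple:
    """Return (stored_name, mime) for an acceptable upload, else raise UploadRejected."""
    ext = extension_of(user_filename)
    if not (MIN_SIZE <= len(data) <= MAX_SIZE):
        raise UploadRejected("file size out of range")
    mime, magics = ALLOWED_TYPES[ext]
    if not any(data.startswith(m) for m in magics):
        raise UploadRejected("content does not match declared type")
    # Store under a content hash plus a random suffix, never under the user's name.
    stored = hashlib.sha256(data).hexdigest()[:32] + "-" + secrets.token_hex(4) + "." + ext
    return stored, mime


def storage_path(stored_name: str) -> Path:
    # Confine writes to UPLOAD_DIR even if a caller passes something odd.
    target = (UPLOAD_DIR / stored_name).resolve()
    if target.parent != UPLOAD_DIR.resolve():
        raise UploadRejected("invalid storage location")
    return target
```

Antivirus scanning and EXIF stripping would run on the bytes after `validate_upload` and before the write to `storage_path`.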
Additional attack prevention tips
The tips above cover the basics when it comes to keeping file uploads safe. However, when developing an application that requires high security, it can be worth building in additional protection. The following recommendations go over more advanced techniques for applications that require enterprise-grade security.
- Use a Captcha to prevent uploads from bots and scripts
- Remove threats that are embedded in documents such as PDFs and DOCX files using content disarm and reconstruction techniques
- Protect yourself from Cross-Site Request Forgery attacks using these CSRF security methods
- Use POST methods instead of PUT. Read more about HTTP method exploits here.
- Log user activities, and protect the logging mechanism from code injection and log forgery
- When decompressing files, check all uncompressed files individually in the same way that all files are checked
- Inspect write access to key configuration files such as ".htaccess" or "web.config" to make sure that the file uploading system cannot access them
- Defend against Flash or PDF-based cross-site content-hijacking by adding the "Content-Disposition: Attachment" and "X-Content-Type-Options: nosniff" headers
- Disable browser caching for clientaccesspolicy.xml and crossdomain.xml files in order to be able to quickly restrict access to certain web services without having to wait for clients' caches to invalidate.
- Validate CORS headers to ensure that they are only enabled for publicly accessible data. All other data should return CORS headers that only accept authorized URLs. Only use "Access-Control-Allow-Credentials" when necessary, and the "Access-Control-Allow-Headers" and "Access-Control-Allow-Methods" headers should be reviewed too.
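The response-header points above (Content-Disposition: attachment, X-Content-Type-Options: nosniff, and CORS opened only for public data or allowlisted origins), as one helper that builds the headers for serving a stored upload. This is an added example, not code from the original post or from Filestack; the allowlisted origins are assumed values.

```python
from typing import Optional
from urllib.parse import quote

# Assumed allowlist (constructed for this example, not from the original post).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def ascii_fallback(name: str) -> str:
    # Plain ASCII name for older clients; quotes, backslashes, semicolons and
    # control characters are dropped so the header value cannot be broken out of.
    kept = "".join(c for c in name if 32 <= ord(c) < 127 and c not in '"\\;')
    return kept or "download"


def download_headers(filename: str, mime: str, origin: Optional[str], public: bool) -> dict:
    """Headers for serving an uploaded file.

    'attachment' keeps HTML-, SVG- or Flash-style content from rendering inside the
    site's own origin; 'nosniff' stops the browser from second-guessing the MIME type;
    CORS is opened with '*' only for public data, and otherwise only for an allowlisted
    Origin, where credentials are permitted and the methods/headers are kept minimal.
    """
    headers = {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": (
            f'attachment; filename="{ascii_fallback(filename)}"; '
            f"filename*=UTF-8''{quote(filename, safe='')}"
        ),
    }
    if public:
        headers["Access-Control-Allow-Origin"] = "*"   # never combine '*' with credentials
    elif origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Vary"] = "Origin"                      # keep caches from reusing across origins
        headers["Access-Control-Allow-Credentials"] = "true"
        headers["Access-Control-Allow-Methods"] = "GET"
        headers["Access-Control-Allow-Headers"] = "Authorization"
    # Any other origin gets no CORS headers at all, so the browser blocks the read.
    return headers
```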
Creating a secure file upload system can be challenging even without having to think of security. However, investments made in creating a secure system prevent costly security breaches that can have a significant impact on an organization's reputation and bottom line. As a developer, it's important to identify cost-effective ways to handle file upload security and evaluate the tradeoffs between an in-house and third-party solution. If you are interested in exploring the benefits of using a third party, call us today at 1-888-415-1885 or:
Source: https://blog.filestack.com/thoughts-and-knowledge/secure-file-upload/