Teaching Cyber Blog

How to make a file upload secure?

Thirteen steps to make your file upload more robust against attack.

Pragmatic cyber security tips to help secure a file upload feature that forms part of an application, such as an internet-facing web application.

1. All validation should be performed on the server, not on the client side. This prevents the user from manipulating the checks from the client, since the user will normally not have access to the server backend.

2. Validate file types and file size using server-side validation: only permit specific file types and never accept a file type without checking it. Limit the file size to prevent large uploads, which could otherwise be used as a denial-of-service attack to consume server resources.

3. Use encryption in transit (HTTPS); never have any unencrypted data in transit. It is free to implement.

4. Filter file names to prevent malicious text: limit special characters and also limit the length of all file names. This also reduces the risk of crashing an application because of malformed names crafted by an attacker.

5. Use anti-virus and malware scanners on the server to scan uploaded files for any malicious content. Infected files should be rejected, not used, and recorded in a log.

6. The destination folder for uploaded files should have its permissions limited so that uploaded files cannot be directly executed or accessed by unauthorized users. Files should not be accessible by a web service or from a web-accessible folder.

7. Create and store a hash value of each uploaded file. This can later be used to check the integrity of the file data if the file upload is ever called into question.

8. Encrypt all file data at rest: when files are not in use they are encrypted, which helps protect them from unauthorised access.

9. Use access controls, specifying who can upload files and who can access them. Authenticate and authorize users before allowing them to upload or retrieve files. Use role-based access control (RBAC) so that only authorized users have the necessary permissions, and apply least privilege to prevent excessive user permissions.

10. Include rate limiting and throttling to prevent abuse of the file upload. This helps protect against denial-of-service attacks.

11. Add detective controls by using comprehensive logging and monitoring of file upload activities. Monitor for any suspicious or abnormal behaviour, failed uploads, etc.

12. Update and patch all software when necessary, including both commercial software and software written in house.

13. Publish the rules for file upload use to the users so they know what is and is not allowed.
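As an added illustration of the server-side checks in the steps above (type and size validation, file-name filtering, and storing a hash), not code from the original post: a small Python validator. The permitted types, the 5 MiB limit and the 64-character name cap are assumptions chosen for the example; each deployment should set its own.

```python
import hashlib
import re

# Allowlist of permitted types: extension -> leading bytes ("magic") the content must start with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024   # assumed limit: reject anything over 5 MiB
MAX_STEM_LEN = 64             # assumed cap on the file name (excluding extension)

def sanitize_filename(name: str) -> str:
    """Drop any directory part, replace special characters, and cap the length."""
    base = name.replace("\\", "/").split("/")[-1]      # strip path components
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)       # allow a narrow character set only
    base = base.strip(".")                             # no hidden files or dot-only names
    if not base:
        raise ValueError("empty file name after sanitisation")
    stem, dot, ext = base.rpartition(".")
    if not dot:                                        # no extension present
        stem, ext = ext, ""
    return f"{stem[:MAX_STEM_LEN]}.{ext}" if ext else stem[:MAX_STEM_LEN]

def validate_upload(filename: str, data: bytes) -> dict:
    """Server-side checks (size, extension allowlist, content magic), then hash the data."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        raise ValueError("file size out of range")
    safe_name = sanitize_filename(filename)
    ext = safe_name.rsplit(".", 1)[-1].lower() if "." in safe_name else ""
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"file type not permitted: {ext!r}")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("file content does not match its extension")
    return {
        "name": safe_name,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),   # stored for later integrity checks
    }

def is_accepted(filename: str, data: bytes) -> bool:
    """Yes/no wrapper for callers that only need to know whether to keep the file."""
    try:
        validate_upload(filename, data)
        return True
    except ValueError:
        return False
```

The returned record (sanitised name, size, SHA-256) is what would be written to the upload log and kept alongside the file for the integrity check in step 7.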

There may be variations to the above, as not all applications are built equal. The information presented will save you time when designing or retrofitting security into a file upload feature.
