|
|
| Line 1: |
Line 1: |
| − | == V16: File and Resources Verification Requirements ==
| + | {{taggedDocument |
| − | '''Control Objective'''
| + | | type=delete |
| − | | + | | comment=Tagged via fixme/delete. |
| − | Ensure that a verified application satisfies the following high level requirements:
| + | }} |
| − | | |
| − | * Untrusted file data should be handled accordingly and in a secure manner
| |
| − | * Obtained from untrusted sources are stored outside the webroot and limited permissions.
| |
| − | | |
| − | | |
| − | '''Security Verification Requirements:'''
| |
| − | | |
| − | {| class="wikitable" | |
| − | ! # !! Description !! L1 !! L2 !! L3 !! Since |
| |
| − | |-
| |
| − | | 16.1 || Verify that URL redirects and forwards only allow whitelisted destinations, or show a warning when redirecting to potentially untrusted content. || ✓ || ✓ || ✓ || 2.0
| |
| − | |- | |
| − | | 16.2 || Verify that untrusted file data submitted to the application is not used directly with file I/O commands, particularly to protect against path traversal, local file include, file mime type, reflective file download, and OS command injection vulnerabilities. || ✓ || ✓ || ✓ || 3.1
| |
| − | |- | |
| − | | 16.3 || Verify that files obtained from untrusted sources are validated to be of expected type and scanned by antivirus scanners to prevent upload of known malicious content. || ✓ || ✓ || ✓ || 2.0
| |
| − | |-
| |
| − | | 16.4 || Verify that untrusted data is not used within inclusion, class loader, or reflection capabilities to prevent remote/local code execution vulnerabilities. || ✓ || ✓ || ✓ || 3.1
| |
| − | |-
| |
| − | | 16.5 || Verify that untrusted data is not used within cross-domain resource sharing (CORS) to protect against arbitrary remote content. || ✓ || ✓ || ✓ || 2.0
| |
| − | |-
| |
| − | | 16.6 || Verify that files obtained from untrusted sources are stored outside the webroot, with limited permissions, preferably with strong validation. || || ✓ || ✓ || 3.0
| |
| − | |-
| |
| − | | 16.7 || Verify that the web or application server is configured by default to deny access to remote resources or systems outside the web or application server. || || ✓ || ✓ || 2.0
| |
| − | |-
| |
| − | | 16.8 || Verify the application code does not execute uploaded data obtained from untrusted sources. || ✓ || ✓ || ✓ || 3.0
| |
| − | |-
| |
| − | | 16.9 || Verify that unsupported, insecure or deprecated client-side technologies are not used, such as NSAPI plugins, Flash, Shockwave, Active-X, Silverlight, NACL, or client-side Java applets. || ✓ || ✓ || ✓ || 3.1
| |
| − | |-
| |
| − | | 16.10 || Verify that the cross-domain resource sharing (CORS) Access-Control-Allow-Origin header does not simply reflect the request's origin header or support the "null" origin. || ✓ || ✓ || ✓ || 3.1
| |
| − | |}
| |
| − | | |
| − | '''References:'''
| |
| − | | |
| − | For more information, see also:
| |
| − | | |
| − | * [File Extension Handling for Sensitive Information](https://www.owasp.org/index.php/Unrestricted_File_Upload)
| |
| − | * [Reflective file download by Oren Hatif](https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/)
| |
