Site icon Filestack Blog

Secure File Upload: Blocking Malicious Uploads

 

Does your website allow users to upload files? Learn secure file upload best practices and prevent dangerous vulnerabilities and attacks.

Almost every web application accepts user input, and one of the most common types of input is in the form of file uploads. Whether it’s a consumer application where users are uploading photos, or a business application that accepts pdfs and word documents, file uploads are an essential feature. However, they also open up the site to a host of potential risks and vulnerabilities.

Exploited by a hacker, a file upload vulnerability can open up a site to malware, unauthorized server access, attacks to website visitors, the hosting of illegal files, and much more.

Table of Contents

Types of file upload attacks

File upload attacks can be grouped into 4 categories. When creating a system that accepts files from users, it’s important to evaluate the risks associated with each category and add security checks to defend against them:

  1. File metadata attacks – The path and file name can trick an application into copying the file to an unexpected location that could overwrite an important file and cause unexpected behavior. For example, an attacker could use control characters in the filename to trick the system into overwriting an important configuration file.
  2. File size attacks – An unexpectedly large file can cause an application to overload or fail. For example, an attacker could use a botnet to trigger the simultaneous uploads of very large (or very small!) files that result in legitimate requests not being fulfilled.
  3. File content attacks – The content of the file can be use to manipulate the behavior of the application. The outcome of this attack depends entirely on how the file is used and processed. For example, uploaded and executed malware could be used to reveal a key that gives an attacker access to the system.
  4. File access attacks – The access rules around uploaded files can be misconfigured, resulting in unauthorized. For example, a misconfigured AWS S3 configuration could result in private user photos being accessible to the public.

To get a more detailed look into the types of attacks that are possible, this talk by Yahoo security researcher Ebrahim Hegazy goes over 15 common scenarios in exploiting file upload pages:

Important questions to ask yourself

Now you that you know what attacks you are up against, it’s time to start asking questions about your system. Go through the following checklist of questions to identify potential vulnerabilities and prevent malicious uploaders from exploiting your system. The answers will give you insight into the risks that you are currently facing and help you determine the cost of a project to secure any existing vulnerabilities.

How to secure your file uploads

After you’ve answered the above questions for your system, or if you are dealing with a project where you are developing a file upload feature from the ground up, there are technical decisions to make. Mainly, deciding whether it is better to use an off-the-shelf system to secure file uploads, or build it in-house.

Option 1: Use a third party system

Using an off-the-shelf file upload system can be a fast way to achieve highly secure file uploads with minimal effort. If there are no special storage requirements or legacy systems to migrate, this option can be a great way for organizations to support file uploads by users. Especially if development resources are constrained.

These services usually offer enterprise-grade security with features such as antivirus scanning, user access controls, and well-documented and updated libraries in many common languages. Creating a secure file upload system using a third party is as easy as integrating their JavaScript library into the application’s frontend, then using the backend libraries to access the files as necessary by the system.

There are many services on the market that are available for developers. The most popular include:

Filestack – Previously Filepicker.io, Filestack was/is one of the first popular file uploading services. Since then, they’ve added advanced enterprise-level features while still maintaining an accessible free plan.

Transloadit – Transloadit offers an open-source uploader widget that can optionally pair with their paid file hosting and processing services.

Cloudinary – Specializing in publishers where uploaded content mostly comes from within the organization, Cloudinary offers an image and video upload service that specializes in advanced transformations.

Uploadcare – A more affordable upstart that provides uploads, media processing, and adaptive delivery for web and mobile.

Third party security considerations

Because a third party is handling the upload, storage, and delivery, the security risks are significantly reduced. Files are no longer saved on your system’s infrastructure and this reduces the chances of a system-wide vulnerability. However, access control to the files and how the files are processed by the system after the upload are still potential risks that must be assessed.

When making the decision to use a third party, there are a couple important considerations:

Pros of using third party file upload

Cons of using third party file upload

Option 2: DIY secure file upload

The other option is to handle file uploads in-house and build protections against the most common vulnerabilities. Choosing an in-house solution is a good option for organizations that have special requirements for their data that prevent third-party vendors from being used (for example, highly sensitive documents). An in-house solution is also a good option if the file upload system is part of a larger legacy system that would result in a prohibitively expensive migration.

Pros of DIY File Uploads

Cons of DIY File Uploads

How to secure file uploads yourself

If you do decide to implement the security yourself, these recommendations will help you avoid the 4 types of file upload attacks that were mentioned above:

Additional attack prevention tips

The tips above cover the basics when it comes to keeping file uploads safe. However, when developing an application that requires high-security, it can be worth building in additional protection. The following recommendations go over more advanced techniques for applications that require enterprise-grade security.

Creating a secure file upload system can be challenging even without having to think of security. However, investments made in creating a secure system prevent costly security breaches that can have a significant impact on an organization’s reputation and bottom line. As a developer, it’s important to identify cost-effective ways to handle file upload security and evaluate the tradeoffs between an in-house and third-party solution. If you are interested in exploring the benefits of using a third-party, call us today at 1-888-415-1885 or:

Contact Sales


Exit mobile version