Understanding File Upload Security for Web Applications
Citation
Karishma Pooj, Sonali Patil "Understanding File Upload Security for Web Applications", International Journal of Engineering Trends and Technology (IJETT), V42(7),342-347 December 2016. ISSN:2231-5381. www.ijettjournal.org. published by seventh sense research group
Abstract
In today’s times the web model has become an important mechanism in terms of information and services delivery over the internet. With the success of the internet, it becomes important to take into account the security of the web application layer from various unauthorized user attacks. The main reason for security awareness is due to lack of trustworthiness of the applications programming logic or input validation. The best way of preventing application exploitability is to enforce good security policies through the applications. This can be done only when the client and server collaborate to achieve the desired security goals eliminating the possibility of such attacks. In this paper we focus on file upload exploits with respect to web application security. Various test cases will be explained along with the impact which will help security testers and application developers to maintain the confidentiality and integrity of user data. Finally, potential steps for mitigation will be provided in order to restrict such attacks.
References
[1] X Lie and Y Xue. " A Survey on Web Application Security." Vanderbilt University, “http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.434.7174&rep=rep1&type=pdf”.
[2] Web Application Security Statistics, “http://projects.webappsec.org/w/page/13246989/WebApplication SecurityStatistics.”
[3] Ulfar Erlingsson, Benjamin Livshits, Yinglian Xie, " Microsoft Reasearch", “http://research-srv.microsoft.com/en-us/um/people/livshits/papers/pdf/hotos07.pdf”.
[4] Ashwani Garg, Shekhar Singh. "A Review on Web Application Security Vulnerabilities." International Journal of Advanced Research in Computer Science and Software Engineering (2013): 222-226.
[5] Rafique, Sajjad, Mamoona Humayun, Zartasha Gul, Ansar Abbas, and Hasan Javed. "Systematic Review of Web Application Security Vulnerabilities Detection Methods." Journal of Computer and Communications 03.09 (2015): 28-40.
[6] B. Shaikh, "Web Server Security and Survey on Web Application Security," International Journal on Recent and Innovation Trends in Computing and Communication, vol. 2, no. 1, pp. 114–119, Jan. 2014.
[7] Jaiswal, Arunima, Gaurav Raj, and Dheerendra Singh. "Security Testing of Web Applications: Issues and Challenges." International Journal of Computer Applications88.3 (2014): 26-32.
[8] OWASP Top 10-2013, “https://www.owasp.org/index.php/Top_10_2013-Top_10.”
Keywords
—Web Application Security, Malicious File Upload, File Upload Security.