Secure File Uploads With Malware Scan

Every day, files are uploaded to applications across functions such as document management systems, homestead and insurance forms, project planning, and messaging and collaboration tools. These uploads are essential to many digital processes, but they also create vulnerabilities that threat actors can exploit to inject malware, gain unauthorized access, and disrupt systems. Implementing validation, sanitization, and access control measures is critical to ensuring application integrity, protecting sensitive data, and building trust with users.

A common vulnerability involving file uploads is remote code execution, where an attacker includes malicious code in the uploaded content and gets it executed to cause unintended system behaviour. The attacker can take advantage of any dynamic process triggered by the uploaded content, such as the file path being included in a URL or API call, to run commands remotely on the server.

Another vulnerability that leverages file uploads is directory traversal, an attack in which the attacker uses the file extension to navigate into directories on the server to retrieve sensitive information or carry out further attacks. The server is vulnerable to this if there are no restrictions on the allowed extensions or if the MIME type is not validated.

Securing uploaded files against these threats requires a combination of security controls, which is why the Trend Micro WAF supports multiple security policies for file uploads, including an on-upload malware scan. This cloud-native feature automatically scans blobs for malware when they are uploaded to storage, providing near real-time protection without extra infrastructure or maintenance. On-upload malware scanning can be enabled for an individual application or for an entire subscription, with a set of filters that let you exclude specific blob paths, suffixes, and sizes from scanning.
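As an added example (not code from the original post, and not Trend Micro's implementation), the Python below sketches both layers the article describes: a validation step that allowlists extensions, checks the file's leading bytes instead of trusting the client-supplied MIME type, caps the size and rejects traversal-style file names, followed by an on-upload scan step with the kinds of exclusion filters described above (blob path prefixes, suffixes and sizes). The allowlist, size caps, the `ScanPolicy` field names, the hash-based signature set and every sample payload are assumptions constructed for this example; a real deployment would hand the blob to the scanning service rather than do a hash lookup.

```python
import hashlib
import os
import re
from dataclasses import dataclass

# --- Layer 1: validate the upload before it reaches storage ---------------

# Allowlisted extensions mapped to the leading bytes ("magic numbers") each
# format must start with. Constructed for this example; extend as needed.
ALLOWED_TYPES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed 5 MiB cap for this example
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


class UploadRejected(ValueError):
    """Raised when an upload fails a validation step."""


def sanitize_filename(name: str) -> str:
    """Reject names that could steer the write outside the upload directory."""
    if "/" in name or "\\" in name or "\x00" in name:
        raise UploadRejected(f"path separators not allowed: {name!r}")
    if name in (".", "..") or not SAFE_NAME.match(name):
        raise UploadRejected(f"unsafe file name: {name!r}")
    return name


def validate_upload(filename: str, data: bytes) -> str:
    """Check name, size, extension and content; return a server-chosen name."""
    safe = sanitize_filename(filename)
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("file is empty or exceeds the size limit")
    ext = os.path.splitext(safe)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # The client-supplied Content-Type is untrusted, so match the bytes instead.
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected(f"content does not match the {ext} signature")
    # Store under a content-derived name so the client never controls the path.
    return hashlib.sha256(data).hexdigest()[:16] + ext


# --- Layer 2: on-upload scan with exclusion filters ----------------------

@dataclass(frozen=True)
class ScanPolicy:
    """Exclusions by blob path prefix, suffix and size (field names are this
    example's own, not a product API)."""
    excluded_prefixes: tuple = ()
    excluded_suffixes: tuple = ()
    max_scan_bytes: int = 50 * 1024 * 1024  # blobs above this are not scanned

    def should_scan(self, blob_path: str, size: int) -> bool:
        p = blob_path.lower()
        if any(p.startswith(x.lower()) for x in self.excluded_prefixes):
            return False
        if any(p.endswith(x.lower()) for x in self.excluded_suffixes):
            return False
        return size <= self.max_scan_bytes


# Constructed signature set: the SHA-256 of one made-up "bad" PDF payload,
# standing in for the scanning engine's signature database.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"%PDF-1.7 constructed-bad-sample").hexdigest(),
}


@dataclass(frozen=True)
class ScanOutcome:
    stored_as: str
    verdict: str    # "clean", "malicious" or "not-scanned"
    location: str   # final blob path: the upload container or quarantine


def on_upload(container: str, filename: str, data: bytes,
              policy: ScanPolicy, signatures=KNOWN_BAD_SHA256) -> ScanOutcome:
    """Validate, then apply the scan policy and route the blob accordingly."""
    stored = validate_upload(filename, data)
    blob_path = f"{container}/{stored}"
    if not policy.should_scan(blob_path, len(data)):
        return ScanOutcome(stored, "not-scanned", blob_path)
    if hashlib.sha256(data).hexdigest() in signatures:
        # Route detections to a quarantine prefix instead of the live container.
        return ScanOutcome(stored, "malicious", f"quarantine/{stored}")
    return ScanOutcome(stored, "clean", blob_path)


if __name__ == "__main__":
    policy = ScanPolicy(excluded_prefixes=("uploads/thumbnails/",),
                        excluded_suffixes=(".tmp",), max_scan_bytes=1024)
    print(on_upload("uploads", "report.pdf", b"%PDF-1.7\n% constructed benign\n", policy))
    print(on_upload("uploads", "invoice.pdf", b"%PDF-1.7 constructed-bad-sample", policy))
```

Note that the "not-scanned" verdict is reported explicitly: every exclusion you configure is a gap in coverage, so the blobs that skip the scan should be visible in logs rather than silently treated as clean.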
