
REQ.039 Define maximum file size

This document contains the details of the security requirements related to the definition and management of files in the organization. This requirement establishes the importance of defining a maximum value for file sizes in the application, in order to avoid DoS attacks.

Requirement

The files manipulated by the system and its users must have a defined maximum file size (5MB recommended).

Description

When a system allows users to upload or attach files that are then stored, a maximum file size limit must be defined for these files. This avoids issues involving the availability of the service and reduces the chance that an attacker may upload a file containing malicious software.

Implementation

In order to define the file size limit, you must first determine the information storage needs and the size of the infrastructure. The company can set a default file size limit for information management and define any exceptions it deems necessary to increase the admitted file size, but always keeping a defined upper limit, so that denial of service attacks caused by abusing the system's storage are avoided.
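The following is an added example, not code from Fluid Attacks or this requirement page, of how a service can enforce the recommended 5MB default together with a capped exception policy. It assumes the upload arrives as a file-like stream and that the declared Content-Length (if any) is untrusted; the hard ceiling value is an assumption chosen for illustration.

```python
import io
from typing import Optional

# 5MB default recommended by the requirement, expressed in bytes.
MAX_FILE_SIZE = 5 * 1024 * 1024
# Absolute ceiling that no exception may exceed (assumed value for illustration).
HARD_CEILING = 50 * 1024 * 1024
CHUNK_SIZE = 64 * 1024


class FileTooLarge(Exception):
    """Raised as soon as an upload exceeds the effective limit."""


def effective_limit(exception_limit: Optional[int] = None) -> int:
    """Apply the default, or an approved exception capped by the hard ceiling."""
    if exception_limit is None:
        return MAX_FILE_SIZE
    return min(exception_limit, HARD_CEILING)


def read_bounded(stream: io.BufferedIOBase, declared_length: Optional[int] = None,
                 limit: int = MAX_FILE_SIZE) -> bytes:
    """Read an upload from `stream`, rejecting it as soon as it exceeds `limit`.

    The declared length lets obviously oversized requests fail before any body is
    read, but it is never trusted: the real byte count is enforced while reading,
    and at most `limit + 1` bytes are ever held in memory.
    """
    if declared_length is not None and declared_length > limit:
        raise FileTooLarge(f"declared size {declared_length} exceeds limit {limit}")
    buf = bytearray()
    while True:
        chunk = stream.read(min(CHUNK_SIZE, limit - len(buf) + 1))
        if not chunk:
            break
        buf.extend(chunk)
        if len(buf) > limit:
            raise FileTooLarge(f"upload exceeds limit of {limit} bytes")
    return bytes(buf)


def is_within_limit(data: bytes, declared_length: Optional[int] = None,
                    exception_limit: Optional[int] = None) -> bool:
    """Convenience check over an in-memory payload (e.g. a constructed test upload)."""
    try:
        read_bounded(io.BytesIO(data), declared_length, effective_limit(exception_limit))
        return True
    except FileTooLarge:
        return False
```

Because the limit is enforced on bytes actually read, a client that under-reports Content-Length still gets rejected once the stream crosses the threshold, and the server never buffers the whole oversized upload.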

Attacks

  1. An application allows users to upload and store files. A user uploads large files until a denial of service occurs because the system runs out of storage space.

Attributes

  • Layer: Application layer.

  • Asset: Files.

  • Scope: Availability.

  • Phase: Operation.

  • Type of Control: Recommendation.
