R041. Scan files for malicious code

Requirement

The system must validate that the content of the files transferred to it is free of malicious code.

References

  1. CWE-749: Exposed Dangerous Method or Function. The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

  2. OWASP-ASVS v4.0.1 V10.1 Code Integrity Controls. (10.1.1) Verify that a code analysis tool is in use that can detect potentially malicious code, such as time functions, unsafe file operations and network connections.

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
