Exclude unverifiable files
Summary
Binary and other types of files, which are often not audited for security purposes, should not be stored in the source code repository.
Description
Binary files usually have a file size greater than their source counterpart, which can eventually affect a repository performance. Changes done to them are often hard to track for versioning tools or make no sense for a reviewer. Furthermore, security audits on binary files are more complicated or simply not performed, and these could contain serious vulnerabilities such as backdoors, rootkits and exposed sensitive information.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🟢 |
| Advanced | 🟢 |
References
- OWASP-M TOP 10-M10. Extraneous functionality threat agents
- MITRE ATT&CK®-M1013. Application developer guidance
- CMMC-SI_L1-3_14_5. System & file scanning
- HITRUST CSF-09_h. Capacity management
- ISO/IEC 27002-8_28. Secure coding
- WASC-W_01. Insufficient authentication
- NIST SSDF-PS_3_1. Archive and protect each software release
- ISSAF-P_6_16. Host security - Linux security (file and directory permission attacks)
- OWASP ASVS-8_3_5. Sensitive private data
- ISO/IEC 27001-8_28. Secure coding
- CASA-8_3_5. Sensitive Private Data
Vulnerabilities
- 117.Unverifiable files
- 298.Authentication mechanism absence or evasion - Redirect
- 299.Authentication mechanism absence or evasion - JFROG
- 300.Authentication mechanism absence or evasion - Azure
- 365.Authentication mechanism absence or evasion - Response tampering
- 370.Authentication mechanism absence or evasion - Security Image
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.