TL;DR
File uploads are dangerous. Validate file types by content (not extension), set size limits, store files outside your web root, generate random filenames, and never execute uploaded content. 5 critical items must be fixed before launch, 5 important items within the first week, and 4 recommended items when you can.
File uploads are one of the most dangerous features you can add to an app. Every uploaded file is essentially untrusted input until proven otherwise, and a single oversight can let attackers execute code on your server. If you are accepting uploads from users, do not skip any of these.
Quick Checklist (5 Critical Items)
- File Validation (4 items)
- Storage Security (4 items)
- Malware Protection (3 items)
- Access Control (3 items)
Uploads Are a Major Attack Vector
File uploads are consistently one of the most dangerous features to implement. A single vulnerability can let attackers upload malicious scripts and gain full control of your server. The OWASP Top 10 includes unrestricted file uploads as a critical risk.
When in doubt, do not accept uploads at all. If you must, use cloud storage with signed URLs, validate everything, and never execute uploaded content.
How do I validate file types securely?
Do not trust file extensions. Check the file content using magic bytes or MIME type detection libraries. Even then, be cautious. Attackers can craft files that pass MIME checks but contain malicious content.
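One way to put the content check, size limit and random-filename rules above into practice, as an added example that is not code from the original post; the allow-list of types, the 5 MiB limit and all function names are my own assumptions:

```python
import os
import secrets

# Constructed allow-list: magic bytes for the only types this service accepts.
# Anything not listed here is rejected, whatever its extension or declared MIME type.
SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "pdf": [b"%PDF-"],
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size policy: 5 MiB


def sniff_type(data: bytes):
    """Return the allow-listed type whose magic bytes open `data`, else None."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def validate_upload(filename: str, data: bytes):
    """Check size, then content; the client's extension must agree with what the
    bytes actually are. Returns (ok, reason) on failure or (True, kind) on success."""
    if len(data) == 0 or len(data) > MAX_BYTES:
        return False, "size"
    kind = sniff_type(data)
    if kind is None:
        return False, "unknown-content"
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    if ext == "jpeg":
        ext = "jpg"
    if ext != kind:
        # A script renamed to .png fails the sniff; a real PNG uploaded as .pdf fails here.
        return False, "extension-mismatch"
    return True, kind


def storage_name(kind: str) -> str:
    """Server-chosen random name: the client's filename (and any path in it) is never used."""
    return f"{secrets.token_hex(16)}.{kind}"


def save_upload(upload_dir: str, filename: str, data: bytes):
    """Validate, then write under upload_dir, which must sit outside the web root.
    Returns the stored path, or None when the file was rejected."""
    ok, kind = validate_upload(filename, data)
    if not ok:
        return None
    path = os.path.join(upload_dir, storage_name(kind))
    with open(path, "wb") as fh:
        fh.write(data)
    return path
```

The server never serves from `upload_dir` directly; files are read back by the random name only, so a rejected or misnamed upload can never be reached as an executable URL.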
Should I scan uploaded files for malware?
Yes, if you accept files that could carry malware (documents, executables). Use services like ClamAV or cloud-based scanning APIs. For images, re-encoding can strip embedded malware.
Is it safe to accept image uploads?
Images are safer than documents or executables but still risky. Validate MIME type, re-encode using an image library (strips metadata and embedded code), and serve from a separate domain or cloud storage.