We are conducting penetration tests for different applications in our infrastructure, and the testers use EICAR files to test applications for blocking malicious files. Our environments are CylanceProtect enabled, and the testers are using the EICAR test file, which is signature-based and not flagged by Cylance because the file is not doing anything malicious. Is there a file/approach that can be used for this test scenario? Given the testers are independent/external entities, how can we have them properly test the applications and not flag our applications for an “Unrestricted File Upload” vulnerability?