diff --git a/documentations/owasp/filetype-checking.png b/documentations/owasp/filetype-checking.png
new file mode 100644
index 0000000000000000000000000000000000000000..f54cbbfc2bff8ab2593c9e0007106404c61f83e7
Binary files /dev/null and b/documentations/owasp/filetype-checking.png differ
diff --git a/documentations/owasp/input-sanitazion.png b/documentations/owasp/input-sanitazion.png
new file mode 100644
index 0000000000000000000000000000000000000000..6177e6c41b8344804e42ff923246e71c10be62fd
Binary files /dev/null and b/documentations/owasp/input-sanitazion.png differ
diff --git a/documentations/owasp/parameterized.png b/documentations/owasp/parameterized.png
new file mode 100644
index 0000000000000000000000000000000000000000..a3fbecf2b6d5869397e24b56a0804f7fba6321c6
Binary files /dev/null and b/documentations/owasp/parameterized.png differ
diff --git a/documentations/owasp/sqli.png b/documentations/owasp/sqli.png
new file mode 100644
index 0000000000000000000000000000000000000000..0fa6c7523dd859c51e0093cb79ac32c94443fe08
Binary files /dev/null and b/documentations/owasp/sqli.png differ
diff --git a/src/services/FilmService.php b/src/services/FilmService.php
index e0191a2033f3edb237964cd13451a2a897e6332d..ff6e49f22d4541d12a82a697eb5f1cc3a88f042a 100644
--- a/src/services/FilmService.php
+++ b/src/services/FilmService.php
@@ -159,7 +159,6 @@ class FilmService extends Service {
     private function getPosterImagePath(): ?string
     {
         $posterImagePath = null;
-
         if(isset($_FILES['film_poster']) && $_FILES['film_poster']['name'] !== ''){
             $posterImagePath = saveFile($_FILES['film_poster'], Application::$BASE_DIR . '/public/assets/films/');
         }
diff --git a/src/utils/utils.php b/src/utils/utils.php
index 74b903f69d26fdca46297892ae1a0c5cca1cbeb5..98b02d561ac1900c0b7714d8c816077cf469b270 100644
--- a/src/utils/utils.php
+++ b/src/utils/utils.php
@@ -14,7 +14,12 @@ function saveFile(array $file, string $uploadDir): string {
     $newFileName = time() . '_' . uniqid() . '.' . $fileExtension;
 
     $targetFile = $uploadDir . $newFileName;
+    $allowedFileTypes = ['image/jpeg', 'image/png', 'image/gif'];
+    $fileMimeType = mime_content_type($_FILES['film_poster']['name']);
 
+    if (!in_array($fileMimeType, $allowedFileTypes)) {
+        throw new BadRequestException(false);
+    }
     if (!move_uploaded_file($fileTmpName, $targetFile)) {
         throw new BadRequestException();
     }
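Review bot: The MIME check on the `$fileMimeType` line inspects the wrong file: `$_FILES['film_poster']['name']` is the client-supplied original filename, not a path on this server, so `mime_content_type()` either fails or reads an unrelated local file, and the validation never sees the uploaded bytes; it also silently couples a helper that takes `$file` as a parameter to one specific global field. The local temp path is already in scope (it is passed to `move_uploaded_file` below), so the check should be `$fileMimeType = mime_content_type($fileTmpName);` and, to avoid loose comparison against a `false` return, `if (!in_array($fileMimeType, $allowedFileTypes, true)) {`. `$fileExtension` is computed above the hunk; if it is taken from the client filename, the stored file still keeps an unvalidated extension even after the MIME type passes, so mapping the detected type to a fixed extension (or whitelisting the extension alongside the type) would close that gap. The `false` argument to `BadRequestException` differs from the bare constructor call just below it; a short comment stating what it selects would help, since the constructor is not visible here. `saveFile` begins and ends outside this hunk.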