ASVS V16 Files and Resources

V16: Files and Resources Verification Requirements

Control Objective

Ensure that a verified application satisfies the following high-level requirements:


 * Untrusted file data should be handled accordingly and in a secure manner.
 * Files obtained from untrusted sources are stored outside the webroot and with limited permissions.
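
One way to meet the second requirement, shown as an added example that is not part of ASVS itself: the function name `store_untrusted_upload` and the directory arguments are hypothetical, and a POSIX filesystem is assumed. It refuses a storage directory that sits under the webroot, discards the client-supplied file name, and creates the file readable and writable by the owning process only.

```python
import os
import secrets
from pathlib import Path


def store_untrusted_upload(data: bytes, upload_root: Path, web_root: Path) -> Path:
    """Write untrusted bytes under upload_root, which must lie outside web_root.

    Hypothetical helper: the name and arguments are assumptions for illustration.
    """
    upload_root = Path(upload_root).resolve()
    web_root = Path(web_root).resolve()

    # Refuse any storage directory the web server could serve directly.
    if upload_root == web_root or web_root in upload_root.parents:
        raise ValueError("upload directory must be outside the webroot")

    # Directory is traversable by the owning process only.
    upload_root.mkdir(mode=0o700, parents=True, exist_ok=True)

    # Server-generated name: the client's file name and extension never
    # reach the filesystem, so they cannot steer path or handler selection.
    target = upload_root / secrets.token_hex(16)

    # O_EXCL: never overwrite an existing file.
    # O_NOFOLLOW: do not write through a symlink planted at the target.
    # 0o600: owner read/write only, no execute bit for anyone.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    import tempfile

    # Constructed layout: <tmp>/www is the webroot, <tmp>/uploads is the store.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "www").mkdir()
        saved = store_untrusted_upload(b"sample", base / "uploads", base / "www")
        print(saved, oct(saved.stat().st_mode & 0o777))
```

The original file name, if the application needs it, belongs in a database column keyed by the generated name rather than on disk.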

Security Verification Requirements

References

For more information, see also:


 * [File Extension Handling for Sensitive Information](https://www.owasp.org/index.php/Unrestricted_File_Upload)
 * [Reflected File Download by Oren Hafif](https://www.trustwave.com/Resources/SpiderLabs-Blog/Reflected-File-Download---A-New-Web-Attack-Vector/)