File Storage
V12.4.1
Verify that files obtained from untrusted sources are stored outside the web root, with limited permissions.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 552
V12.4.2
Verify that files obtained from untrusted sources are scanned by antivirus scanners to prevent upload and serving of known malicious content.
Level 1 required: True
Level 2 required: True
Level 3 required: True
CWE: 509
Disclaimer:
Credit via OWASP ASVS. For more information visit The OWASP ASVS Project or Github respository.. OWASP ASVS is under the Creative Commons Attribution-Share Alike v3.0 license.
