ASVS Requirement 5.3.2

• Level: 1
• Chapter: V5 File Handling
• Section: V5.3 File Storage
• Source: 0x14-V5-File-Handling.md

Description

Verify that when the application creates file paths for file operations, instead of user-submitted filenames, it uses internally generated or trusted data, or if user-submitted filenames or file metadata must be used, strict validation and sanitization must be applied. This is to protect against path traversal, local or remote file inclusion (LFI, RFI), and server-side request forgery (SSRF) attacks.