How do Firebase Storage Security Rules work?

Firebase Storage Security Rules control who can upload, download, and delete files in Cloud Storage buckets. Rules are written in a similar syntax to Firestore rules and can check authentication state, file metadata, file size, and content type. A common mistake is allowing any authenticated user to read all files or upload files without size and type restrictions, which can lead to data leaks or abuse. Storage rules should scope access to user-specific paths and validate file properties on upload. UNPWNED tests your Firebase Storage rules for misconfigurations that could allow unauthorized file access or unrestricted uploads.