From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Defending against directory traversal
From the course: CISSP Cert Prep (2021): 3 Security Architecture and Engineering
Defending against directory traversal
- [Instructor] Directory traversal attacks are another common web application security flaw. These attacks allow the attacker to manipulate the file system structure on the web server. Let's first talk about two important characteristics of file systems. When using a Linux file system, a single period references the current directory and using two periods references the directory one level up in the hierarchy. A directory traversal attack uses these navigation references to try to move up and down the directory structure, searching for unsecured files. These attacks work when an application allows a user to request files stored elsewhere on the file system. We're going to try one of these attacks using a tool called WebGoat. But first here's look at the file system that we'll be using in this exercise to help you understand what's happening in the demo. The ThreadSafetyProblem.html file is the one that we're actually…
Contents
-
-
-
-
-
-
-
(Locked)
OWASP Top 105m 36s
-
(Locked)
SQL injection prevention4m 25s
-
(Locked)
Cross-site scripting prevention3m 17s
-
(Locked)
Cross-site request forgery prevention4m 8s
-
(Locked)
Defending against directory traversal3m 6s
-
(Locked)
Overflow attacks3m 21s
-
(Locked)
Session hijacking4m 8s
-
(Locked)
Privilege escalation1m 56s
-
(Locked)
-
-
-
-
-
-
-
-
-
-
-