From the course: CISSP Cert Prep (2021): 8 Software Development Security
Unlock the full course today
Join today to access over 22,500 courses taught by industry experts or purchase this course individually.
Defending against directory traversal
From the course: CISSP Cert Prep (2021): 8 Software Development Security
Defending against directory traversal
- [Instructor] Directory traversal attacks are another common web application security flaw. These attacks allow the attacker to manipulate the file system structure on the web server. Let's first talk about two important characteristics of file systems. When using a Linux file system, a single period references the current directory, and using two periods references the directory one level up in the hierarchy. A directory traversal attack uses these navigation references to try to move up and down the directory structure, searching for unsecured files. These attacks work when an application allows a user to request files stored elsewhere on the file system. We're going to try one of these attacks using a tool called WebGoat. But first, here's a look at the file system that we'll be using in this exercise to help you understand what's happening in the demo. The ThreadSafetyProblem.html file is the one that we're…
Contents
-
-
-
-
-
OWASP Top 105m 36s
-
Application security4m 13s
-
Preventing SQL injection4m 25s
-
Understanding cross-site scripting3m 17s
-
Request forgery4m 8s
-
Defending against directory traversal3m 6s
-
Overflow attacks3m 21s
-
Explaining cookies and attachments4m 25s
-
Session hijacking4m 8s
-
Code execution attacks2m 43s
-
Privilege escalation1m 56s
-
Driver manipulation2m 16s
-
Memory vulnerabilities3m 34s
-
Race condition vulnerabilities2m 13s
-
-
-
-