From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Directory traversal
- [Narrator] Another common web application security flaw is the directory traversal attack. This attack allows an attacker to manipulate the file system structure on a web server. Let's first talk about two important characteristics of Unix file systems. When using a Unix file system, a single period references the current directory. Using two periods references the directory one level up in the hierarchy. A directory traversal attack uses these navigation references to try to move up and down the directory structure searching for unsecured files. They work when an application allows a user to request files stored elsewhere in the file system. We're going to try one of these attacks in the WebGoat environment. First, here's a look at the file structure to help you understand what's happening in the demo. The ThreadSafetyProblem file is the one that we're actually supposed to get with the web application. The…
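An added example, not part of the course material: a server-side containment check that resolves the `.` and `..` references described above and rejects any request that ends up outside the directory the application is meant to serve. The directory layout, file names and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_path(base: Path, requested: str) -> Path:
    """Vulnerable pattern: joins the user-supplied name and never checks the result."""
    return Path(os.path.normpath(base / requested))


def safe_path(base: Path, requested: str) -> Path:
    """Resolve '.', '..' and symlinks, then require the result to stay under base."""
    base = base.resolve()
    candidate = (base / requested).resolve()
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise PermissionError(f"path escapes {base}: {requested!r}")
    return candidate


def demo() -> dict:
    """Build a constructed directory tree and classify constructed requests."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        lessons = root / "app" / "lessons"          # directory the app should serve
        lessons.mkdir(parents=True)
        (lessons / "lesson1.html").write_text("lesson")
        (root / "app" / "secret.conf").write_text("password=constructed")
        requests = ["lesson1.html", "./lesson1.html", "../secret.conf",
                    "sub/../../secret.conf", "/etc/passwd"]
        for req in requests:
            try:
                safe_path(lessons, req)
                results[req] = "allowed"
            except PermissionError:
                results[req] = "blocked"
        # Without the check, '..' walks one level up and reaches the config file.
        escaped = naive_path(lessons, "../secret.conf")
        results["naive"] = escaped == root / "app" / "secret.conf"
    return results


if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{request!r}: {verdict}")
```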