From the course: ISC2 Systems Security Certified Practitioner (SSCP) (2024) Cert Prep
Defending against directory traversal
- [Instructor] Directory Traversal attacks are another common web application security flaw. These attacks allow the attacker to manipulate the file system structure on the web server. Let's first talk about two important characteristics of file systems. When using a Linux file system, a single period references the current directory, and using two periods references the directory one level up in the hierarchy. A Directory Traversal Attack uses these navigation references to try to move up and down the directory structure searching for unsecured files. These attacks work when an application allows a user to request files stored elsewhere on the file system. We're going to try one of these attacks using a tool called WebGoat. But first, here's a look at the file system that we'll be using in this exercise, to help you understand what's happening in the demo. The ThreadSafetyProblem.html file is the one that we're…
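The defensive counterpart to the `.` and `..` behaviour described in the transcript, as an added example that is not part of the course material: resolve the requested name first, then confirm the result still sits inside the directory the application is allowed to serve. The `lessons` directory, `secret.conf`, and the function names are constructed for illustration.

```python
import tempfile
from pathlib import Path


class TraversalError(ValueError):
    """Requested path resolves outside the permitted base directory."""


def resolve_under(base: Path, requested: str) -> Path:
    """Return the real path of `requested` if it stays inside `base`.

    The check runs on the fully resolved path, so "..", absolute paths and
    symlinks are all judged by where they actually land.
    """
    base_real = base.resolve(strict=True)
    candidate = (base_real / requested).resolve()  # collapses "." and ".."
    if candidate != base_real and base_real not in candidate.parents:
        raise TraversalError(f"{requested!r} escapes {base_real}")
    return candidate


def demo() -> dict:
    """Run constructed requests against a constructed directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        lessons = root / "lessons"          # directory the app may serve
        lessons.mkdir()
        (lessons / "ThreadSafetyProblem.html").write_text("lesson")
        (root / "secret.conf").write_text("not for users")
        requests = [
            "ThreadSafetyProblem.html",     # normal request
            "./ThreadSafetyProblem.html",   # "." = current directory
            "../secret.conf",               # ".." = one level up
            "sub/../../secret.conf",        # ".." placed mid-path
            str(root / "secret.conf"),      # absolute path replaces the base
        ]
        for req in requests:
            try:
                resolve_under(lessons, req)
                results[req] = "allowed"
            except TraversalError:
                results[req] = "blocked"
    return results


if __name__ == "__main__":
    for req, verdict in demo().items():
        print(f"{verdict:8} {req}")
```

Filtering the string for `..` is not equivalent to this check: the absolute-path request contains no `..` at all, yet it still lands outside the served directory.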