Application Security Terminology

Glossary

Directory Traversal

A Directory Traversal attack (also known as a Path Traversal attack) gives an attacker access to files, directories, and commands stored outside the root directory. It takes advantage of the fact that all but the simplest web applications include local resources such as images, themes, and other scripts. Every time the application includes a resource or file, there is a risk that an attacker can make it include a file or remote resource that hasn’t been authorized.

An attacker using the Directory Traversal technique can manipulate a URL in such a way that the application will execute or reveal the contents of arbitrary files anywhere on the server. Any device that exposes an HTTP-based interface is potentially vulnerable to a Directory/Path Traversal attack.
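The following added example (not part of the original glossary) contrasts a file lookup that trusts the requested path with one that resolves it and confirms the result is still under the root directory. The function names, directory layout, and request paths are constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile

def naive_resolve(web_root, requested):
    # Vulnerable pattern: user input is joined to the root and used as-is.
    return os.path.normpath(os.path.join(web_root, requested))

def is_inside(web_root, path):
    # Compare fully resolved paths; commonpath compares whole components,
    # so /srv/www2 is not mistaken for a child of /srv/www.
    root = os.path.realpath(web_root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def safe_resolve(web_root, requested):
    # Hardened pattern: resolve "..", absolute paths and symlinks first,
    # then serve only if the final target is still under the web root.
    candidate = os.path.realpath(os.path.join(web_root, requested))
    return candidate if is_inside(web_root, candidate) else None

# Constructed request paths, assumed already URL-decoded by the web framework.
SAMPLE_REQUESTS = [
    "images/logo.png",
    "../secret.txt",
    "images/../../secret.txt",
    "../www2/index.html",
    "/etc/passwd",
]

def demo():
    """Map each request to (naive result stays in root, safe_resolve allows it)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        web_root = os.path.join(base, "www")
        os.makedirs(os.path.join(web_root, "images"))
        os.makedirs(os.path.join(base, "www2"))
        for req in SAMPLE_REQUESTS:
            naive = naive_resolve(web_root, req)
            results[req] = (is_inside(web_root, naive),
                            safe_resolve(web_root, req) is not None)
    return results

if __name__ == "__main__":
    for req, (naive_ok, allowed) in demo().items():
        print(f"{req!r:28} naive stays in root: {naive_ok!s:5} allowed: {allowed}")
```

The `../www2/index.html` case is why the check compares path components rather than string prefixes: a `startswith` test on the root path would accept the sibling directory.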