Application Security Terminology

Glossary

Path Traversal


The Path Traversal attack technique (also known as Directory Traversal) allows an attacker to access files, directories, and commands that potentially reside outside the web document root directory. Armed with access to application source code or configuration and critical system files, an attacker can manipulate a URL in such a way that the application will execute or reveal the contents of arbitrary files anywhere on the server. Any device or application that exposes an HTTP-based interface is potentially vulnerable to a Path Traversal attack.

Most websites restrict user access to a specific portion of the file system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executables necessary to drive web application functionality. To access files or execute commands anywhere on the file system, Path Traversal attacks use the "../" special-character sequence to alter the resource location requested in the URL.
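The following Python example is added here and is not from the original page. It contrasts an unchecked join of the request path onto the document root with a resolver that canonicalizes the path and confirms it still lies under the root. The function names, the `htdocs` directory layout, and the request paths are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(root, url_path):
    """Vulnerable pattern: join the request path to the root, no containment check."""
    return os.path.normpath(os.path.join(root, unquote(url_path).lstrip("/")))

def safe_resolve(root, url_path):
    """Return the canonical path if it stays under root, otherwise None."""
    root_real = os.path.realpath(root)
    decoded = unquote(url_path)          # decode once, as the web server would
    if "\x00" in decoded:
        return None
    # lstrip("/") keeps os.path.join from discarding root on an absolute path;
    # realpath collapses "../" and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # commonpath compares whole components, so the sibling "htdocs-backup"
    # is not treated as inside "htdocs" (a plain startswith() would accept it).
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate

# Constructed request paths for the demonstration.
SAMPLE_REQUESTS = [
    "/img/logo.png",
    "/img/../../secret.conf",
    "/%2e%2e/%2e%2e/secret.conf",
    "/../htdocs-backup/db.sql",
]

def demo():
    """Build a throwaway document root and resolve each sample both ways."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(root, "img"))
    os.makedirs(os.path.join(base, "htdocs-backup"))
    results = {r: (naive_resolve(root, r), safe_resolve(root, r))
               for r in SAMPLE_REQUESTS}
    return base, root, results

if __name__ == "__main__":
    _, root, results = demo()
    for request, (naive, safe) in results.items():
        print(f"{request!r:32} naive={naive}  safe={safe}")
```

The containment check runs on the canonical path after decoding, so it does not depend on recognizing any particular spelling of the "../" sequence in the raw URL.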

Path traversal exploits are one of the many ways hackers will try to get into your web applications. And of course, those bad guys are always coming up with clever modifications. Fortunately, our Threat Research Center (TRC) team is on top of things. If you want to stay abreast of secure development practices, this webinar is for you. In this webinar, team members from the application security engineering teams will explore what a path traversal exploit consists of, demonstrate a new way of exploiting a flaw in website application coding that allows a path traversal attack, and explain how to prevent such attacks through whitelisting and secure coding practices.