Another common web application security flaw is the directory traversal attack. This attack allows an attacker to manipulate the file system structure on a web server. In this video, learn how directory traversal attacks jeopardize the security of web applications.
- [Instructor] Another common web application security flaw is the directory traversal attack. This attack allows an attacker to manipulate the file system structure on a web server. Let's first talk about two important characteristics of Unix file systems. When using a Unix file system, a single period references the current directory. Using two periods references the directory one level up in the hierarchy. A directory traversal attack uses these navigation references to try to move up and down the directory structure searching for unsecured files.
They work when an application allows a user to request files stored elsewhere in the file system. We're going to try one of these attacks in the WebGoat environment. First, here's a look at the file structure to help you understand what's happening in the demo. The ThreadSafetyProblem file is the one that we're actually supposed to get with the web application. The tomcat-users file is the one that we want to get our hands on. We're currently in the en directory, so we need to go up four levels to the .extract directory.
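The server-side check that stops this kind of request, as an added example that is not part of the course material: resolve the requested name against the served directory and refuse anything whose canonical path lands outside it. The directory layout, the intermediate directory names (`webapps`, `app`, `plans`, `conf`) and the file extensions are constructed for the example and are not WebGoat's actual tree.

```python
import os
import tempfile

def resolve_inside(base_dir, requested):
    """Return the canonical path for `requested` if it stays under base_dir, else None."""
    base = os.path.realpath(base_dir)
    # join() then realpath() collapses "." and ".." and follows symlinks,
    # so the comparison is made on the path the OS would actually open.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None  # request climbed out of (or bypassed) the served directory
    return target

def build_demo_tree():
    """Create the constructed layout in a temp dir; return the served 'en' directory."""
    root = tempfile.mkdtemp()
    en = os.path.join(root, ".extract", "webapps", "app", "plans", "en")
    conf = os.path.join(root, ".extract", "conf")
    os.makedirs(en)
    os.makedirs(conf)
    with open(os.path.join(en, "ThreadSafetyProblem.html"), "w") as f:
        f.write("lesson text")
    with open(os.path.join(conf, "tomcat-users.xml"), "w") as f:
        f.write("constructed placeholder, no real credentials")
    return en

def check_requests(en):
    """Map each sample request (constructed) to True (served) or False (rejected)."""
    samples = [
        "ThreadSafetyProblem.html",           # the intended file
        "./ThreadSafetyProblem.html",         # "." is the current directory
        "../../../../conf/tomcat-users.xml",  # four levels up, then into conf
        "/srv/other/file.txt",                # absolute path: join() drops the base
    ]
    return {s: resolve_inside(en, s) is not None for s in samples}

if __name__ == "__main__":
    for request, allowed in check_requests(build_demo_tree()).items():
        print("serve " if allowed else "reject", request)
```

Comparing canonical paths, rather than searching the input for `..`, also covers absolute paths and symlinks that point outside the served directory.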
This course, along with the others in this nine-part series, prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software