Hardening against path traversal attacks

What is Path Traversal

Web servers are generally set up to restrict public access to a specific portion of the Web server's file system, typically called the "Web document root" directory. This directory contains the files intended for public access and any scripts necessary to provide Web application functionality.

In a path traversal attack, an intruder manipulates a URL in such a way that the Web server executes or reveals the contents of a file anywhere on

Posted at 4pm on 18/09/08 | no comments | Filed Under: Application Testing, Penetration Testing, Uncategorized read on

Hackers quick reference list…

1. Map Web Application

1.a Explore all visible content (e.g. all linked content)

a. Find all linked content using both passive and active spidering (use Burp Spider).

b. Find all non-linked content (use Wikto BackEnd, and Google by using inlink, filetype and site keywords).

c. Find all default content (use Nikto, Wikto BackEnd).

Posted at 11pm on 14/09/08 | no comments | Filed Under: Application Testing, Penetration Testing read on

About

This blog is maintained by Gerasimos Kassaras. For further information, visit my web site: www.kassaras.com
