What is Forceful Browsing?

Forceful Browsing or Directory Traversal is an attack in which an attacker attempts to access resources that the attacked web application does not reference, but that are still accessible from outside. The attacker does this by manipulating URLs, trying out different variations of the URLs that the application uses and delivers to the client.


How does Forceful Browsing work?

The attack can be carried out by typing URL paths directly into the browser address bar or by sending specially crafted HTTP requests. By exploiting vulnerabilities in request processing, the attacker can access files or directories that are not normally intended for public use, such as configuration files, databases, or internal system resources.

Forceful browsing can pose serious security risks to a web application because it can expose sensitive information and put sensitive system resources at risk. To protect against such attacks, it is important to implement careful URL validation and access control to ensure that only authorized users can access specific resources. In addition, security patches and updates should be applied regularly to close potential vulnerabilities and minimize the attack surface. By taking proactive security measures, companies can effectively protect their web applications from forceful browsing attacks and ensure the integrity and confidentiality of their data.
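One way to apply the URL validation and access control described above, as an added example that is not part of the original page or any product's code: a deny-by-default check that canonicalizes the request path and answers only for resources it explicitly lists. The route table, role names and status-code choices are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

PUBLIC = {"anonymous", "user", "admin"}
# Hypothetical route table: every reachable path is listed with the roles
# allowed to request it. Anything not listed is denied.
ROUTES = {
    "/": PUBLIC,
    "/login": PUBLIC,
    "/account": {"user", "admin"},
    "/admin/reports": {"admin"},
}
STATIC_PREFIX = "/static/"
STATIC_EXTENSIONS = {".css", ".js", ".png"}  # served file types only


def canonical_path(raw_path):
    """Return one canonical form of the request path, or None to reject it."""
    path = unquote(raw_path.split("?", 1)[0])
    # A leftover '%' means double encoding; backslash and NUL have no valid use.
    if not path.startswith("/") or any(c in path for c in "%\\\x00"):
        return None
    segments = [s for s in path.split("/") if s]  # collapses repeated slashes
    if any(s in (".", "..") for s in segments):
        return None  # refuse dot segments instead of resolving them
    return "/" + "/".join(segments)


def authorize(role, raw_path):
    """Return the HTTP status the application should answer with."""
    path = canonical_path(raw_path)
    if path is None:
        return 400
    allowed = ROUTES.get(path)
    if allowed is None and path.startswith(STATIC_PREFIX):
        if posixpath.splitext(path)[1] in STATIC_EXTENSIONS:
            allowed = PUBLIC
    if allowed is None:
        return 404  # unlisted resource: same answer whether or not a file exists
    return 200 if role in allowed else 403


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for role, target in [("anonymous", "/admin/reports"), ("admin", "/config.bak"),
                         ("user", "/static/%2e%2e/account")]:
        print(role, target, authorize(role, target))
```

Because the decision is made on the canonical path and on the route table rather than on what happens to exist on disk, a file left in the web root but never linked is not served to anyone.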
