What is path traversal?

Path traversal, also known as directory traversal or path traversal attack, is a type of security attack in which an attacker attempts to access files and directories that are outside the web application's assigned directory. The attacker manipulates the path information in the requests to the web application in order to gain access to sensitive files or directories that they should not normally have access to.

Example of path traversal attacks

An example of path traversal is when a web application does not adequately validate user input and an attacker attempts to access the server's password file by typing example.com/page.php?file=../.. /etc/passwd. By using "../" the attacker attempts to work their way back through the directories to access files outside of the web directory.

Path traversal attacks can cause serious security problems because a successful attack can allow an attacker to expose sensitive information such as passwords, configuration files, or sensitive user data. To protect against path traversal attacks, web applications should ensure that all user input is properly validated and sanitized to ensure that requests do not allow unauthorized file paths or directory structures. In addition, Web Application Firewalls (WAFs) such as the Airlock Gateway can be used to monitor suspicious traffic and detect and block attacks early.

Information for you

-Our whitepapers-

Executive View: KuppingerCole - Airlock Secure Access Hub for applications and APIs

This KuppingerCole Executive View report provides an architectural and functional overview of the Airlock Secure Access Hub, an integrated platform for secure access management - a multicloud-native security tool for web applications, APIs and beyond.

 

Fill out the form now and receive Executive View!

Whitepaper: Security for cloud-native applications

You can read about how companies can ensure the security of web applications and APIs in Kubernetes in the white paper "Security for cloud-native applications", which was created in collaboration between heise and Airlock.

 

Request whitepaper

Whitepaper: Zero Trust is a journey

The ongoing digital transformation of the world is progressing and having a profound impact on our personal and professional lives in ways that were difficult to imagine just a few years ago.


This white paper discusses the effects of continuous digitalization and its impact.

Request free of charge

Off to DevSecOps

In this white paper, you will learn the most important insights into how you can implement DevSecOps successfully and efficiently, which security components are required for this and the advantages of a microgateway architecture.

 

Request free of charge

Airlock 2FA - Strong authentication. Simple.

Double security - this is what two-factor authentication offers in the field of IT security.


Find out more about strong authentication and the possibilities offered by Airlock in our white paper.

Download for free

Further whitepapers

We provide you with free white papers on these and other topics:

 

  • Successful IAM projects
  • compliance
  • Data protection (DSGVO)
  • Introduction of PSD2
  • PCI DSS requirementsPCI DSS requirements
Request free of charge