From the course: Vulnerability Management with Nessus
Join today to access over 24,900 courses taught by industry experts.
Defending against directory traversal - Nessus Tutorial
From the course: Vulnerability Management with Nessus
Defending against directory traversal
- [Instructor] Directory traversal attacks are another common web application security flaw. These attacks allow the attacker to manipulate the file system structure on the web server. Let's first talk about two important characteristics of file systems. When using a Linux file system, a single period references the current directory and using two periods references the directory one level up in the hierarchy. A directory traversal attack uses these navigation references to try to move up and down the directory structure, searching for unsecured files. These attacks work when an application allows a user to request files stored elsewhere on the file system. We're going to try one of these attacks using a tool called WebGoat. But first, here's a look at the file system that we'll be using in this exercise to help you understand what's happening in the demo. The ThreadSafetyProblem.html file is the one that we're actually supposed to get with the web application. The tomcat-users.xml…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
-
-
(Locked)
Server vulnerabilities2m 57s
-
(Locked)
Endpoint vulnerabilities1m 10s
-
(Locked)
Network vulnerabilities3m 30s
-
(Locked)
Preventing SQL injection4m 25s
-
(Locked)
Understanding cross-site scripting3m 17s
-
(Locked)
Request forgery4m 8s
-
(Locked)
Overflow attacks3m 21s
-
(Locked)
Code execution attacks2m 43s
-
(Locked)
Privilege escalation1m 56s
-
(Locked)
OWASP Top Ten4m 45s
-
(Locked)
Defending against directory traversal3m 4s
-
(Locked)
Race condition vulnerabilities2m 13s
-
(Locked)
-