This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Testing for Directory Traversal"

From OWASP
Jump to: navigation, search
(Brief Summary)
 
(28 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Template:OWASP Testing Guide v2}}
+
#REDIRECT [[Testing Directory traversal/file include (OTG-AUTHZ-001)]]
 
 
== Brief Summary ==
 
Nowadays, many web applications use and manage files. Using input validation methods not well designed, an aggressor could exploit the system in order to read/write files that are not intended to be accessible; in particular situations it could be possible to execute arbitrary code or system commands.
 
<br>
 
 
 
== Description of the Issue ==
 
<br>
 
...here: Short Description of the Issue: Topic and Explanation
 
<br>
 
== Black Box testing and example ==
 
'''Testing for Topic X vulnerabilities:''' <br>
 
...<br>
 
'''Result Expected:'''<br>
 
...<br><br>
 
== Gray Box testing and example ==
 
'''Testing for Topic X vulnerabilities:'''<br>
 
...<br>
 
'''Result Expected:'''<br>
 
...<br><br>
 
== References ==
 
'''Whitepapers'''<br>
 
...<br>
 
'''Tools'''<br>
 
...<br>
 
 
 
{{Category:OWASP Testing Project AoC}}
 
[[OWASP Testing Guide v2 Table of Contents]]
 
{{Template:Stub}}
 

Latest revision as of 15:44, 14 April 2015