Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Path Traversal"
(Posting on behalf of Rajat)
Revision as of 17:11, 23 July 2013
Root Cause Summary
File resources are accessed using user-supplied data, allowing a malicious user to access files that he/she is not authorized to access.
Browser / Standards Solution
<browser/standards solutions here>
· Canonicalize URLs and prevent directory access outside the web root.
Generic Framework Solution
· Provide safe libraries for accessing the file system that canonicalize path references and enforce proper access control.
· Provide a method that compares the canonicalized path to a whitelist of paths that the application's user may access at the given access level.
· Provide safe methods that do not let the file extension of the intended resource be tampered with through the input.
· Validate input to remove “..” from the user-supplied data.
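The canonicalize-then-allowlist approach the bullets above describe, as an added Python example that is not part of this OWASP page: the base directory, the extension allowlist (".txt", ".pdf") and the sample inputs are constructed for the demo. It also shows why a naive filter that only strips "../" is not a substitute for comparing canonical paths.

```python
import os
import tempfile

class PathTraversalError(ValueError):
    """Raised when a user-supplied path must not be served."""

def resolve_safe_path(base_dir, user_path, allowed_extensions=(".txt", ".pdf")):
    """Canonicalize user_path relative to base_dir and enforce the allowlists.

    realpath() resolves '..', repeated separators and symlinks, so the
    containment check compares canonical paths rather than raw input.
    """
    if "\x00" in user_path:  # NUL bytes can truncate paths in lower layers
        raise PathTraversalError("NUL byte in path")
    canonical_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(canonical_base, user_path))
    # Containment: the canonical candidate must stay under the canonical base.
    if os.path.commonpath([canonical_base, candidate]) != canonical_base:
        raise PathTraversalError("path escapes the allowed directory")
    # Extension allowlist: blocks tampering such as report.txt -> config.php.
    if os.path.splitext(candidate)[1].lower() not in allowed_extensions:
        raise PathTraversalError("file extension not permitted")
    return candidate

def is_safe(base_dir, user_path):
    """True if resolve_safe_path would accept the input."""
    try:
        resolve_safe_path(base_dir, user_path)
        return True
    except PathTraversalError:
        return False

def naive_dotdot_filter(user_path):
    """Blacklist-style '../' removal, shown only to illustrate its weakness."""
    return user_path.replace("../", "")

def demo():
    """Constructed layout: <tmp>/docs is the allowed root and <tmp>/docs/link
    is a symlink pointing outside it. Returns accept/reject per input."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(os.path.join(docs, "sub"))
        os.symlink(root, os.path.join(docs, "link"))
        inputs = ["report.txt", "sub/../report.txt", "../secret.txt",
                  "/etc/passwd", "link/secret.txt", "report.txt\x00.jpg",
                  "report.php", naive_dotdot_filter("....//private.txt")]
        return {p: is_safe(docs, p) for p in inputs}
```

Only the first two inputs are accepted; the filtered "....//private.txt" collapses to "../private.txt", which the canonical comparison still rejects.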
Custom Framework Solution
<custom framework solutions here>
Custom Code Solution
<custom code solutions here>
Discussion / Controversy
<discussion / controversy tracking here>