Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Path Traversal"

(Posting on behalf of Rajat)

Revision as of 17:11, 23 July 2013


Path Traversal

Root Cause Summary

File resources are accessed using user-supplied data, allowing a malicious user to access files that they are not authorized to access.

Browser / Standards Solution

<browser/standards solutions here>

Perimeter Solution

· Canonicalize URLs and prevent directory access outside the web root.

Generic Framework Solution

· Provide safe libraries for accessing the file system that canonicalize path references and enforce proper access control.

· Provide a method that compares the canonicalized path against a whitelist of paths that the application's user may access at their given access level.

· Provide safe methods that do not allow the file extension of the intended resource to be tampered with through user input.

· Input validation to remove “..” sequences from user-supplied data.
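The following is an added example, not code from the OWASP page, showing how the Perimeter and Generic Framework bullets above fit together in one guard: the user-supplied path is canonicalized with the filesystem's own resolution (so '..' and symlinks are collapsed), the result is compared against the directories whitelisted for the caller's access level, and the extension of the resolved file is checked against an allow-list. The function names, the `ACCESS_POLICY` mapping, the `.txt`/`.pdf` allow-list and the temporary directory layout are all assumptions constructed for this illustration.

```python
import os
import tempfile


class PathTraversalError(ValueError):
    """Raised when a request is rejected by the file-access guard."""


# Constructed access policy (an assumption for this example): each access level
# maps to the directories under the web root that it may read.
ACCESS_POLICY = {
    "anonymous": ("public",),
    "staff": ("public", "reports"),
}

# Constructed extension allow-list, also an assumption for this example.
ALLOWED_EXTENSIONS = (".txt", ".pdf")


def canonicalize(base_dir, user_path):
    """Return the real, absolute path of user_path resolved under base_dir.

    realpath() collapses '.', '..' and symlinks, so every later comparison is
    made on the filesystem's view of the path rather than on the raw string.
    """
    if os.path.isabs(user_path):
        raise PathTraversalError("absolute paths are not accepted")
    base_real = os.path.realpath(base_dir)
    return os.path.realpath(os.path.join(base_real, user_path))


def is_within(directory, candidate):
    """True if candidate (already canonical) is directory itself or lies below it."""
    directory = os.path.realpath(directory)
    try:
        return os.path.commonpath([directory, candidate]) == directory
    except ValueError:  # different drives on Windows: no common prefix exists
        return False


def resolve_for_user(web_root, access_level, user_path,
                     allowed_extensions=ALLOWED_EXTENSIONS):
    """Canonicalize user_path and admit it only if it lands inside a directory
    whitelisted for access_level and carries a permitted file extension."""
    candidate = canonicalize(web_root, user_path)
    web_root_real = os.path.realpath(web_root)
    permitted_dirs = [os.path.join(web_root_real, d)
                      for d in ACCESS_POLICY.get(access_level, ())]
    if not any(is_within(d, candidate) for d in permitted_dirs):
        raise PathTraversalError(
            f"{access_level!r} may not read "
            f"{os.path.relpath(candidate, web_root_real)!r}")
    if os.path.splitext(candidate)[1].lower() not in allowed_extensions:
        raise PathTraversalError("file type not permitted")
    return candidate


def run_demo():
    """Build a constructed directory tree in a temp dir and run sample requests.

    Returns a dict mapping (access_level, requested_path) to 'allowed' or a
    'denied: ...' string so the outcomes can be inspected or asserted on.
    """
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "webroot")
        for sub in ("public", "reports"):
            os.makedirs(os.path.join(web_root, sub))
        for rel in ("public/readme.txt", "reports/q1.pdf"):
            open(os.path.join(web_root, *rel.split("/")), "w").close()
        # A file that sits above the web root and must never be reachable.
        open(os.path.join(tmp, "outside.txt"), "w").close()

        requests = [
            ("anonymous", "public/readme.txt"),      # whitelisted for every level
            ("anonymous", "reports/q1.pdf"),         # exists, but not for this level
            ("staff", "reports/q1.pdf"),
            ("staff", "public/../reports/q1.pdf"),   # decided on the resolved path
            ("staff", "../outside.txt"),             # resolves above the web root
            ("staff", "public/readme.txt.bak"),      # extension not on the allow-list
        ]
        for level, path in requests:
            try:
                resolve_for_user(web_root, level, path)
                outcomes[(level, path)] = "allowed"
            except PathTraversalError as exc:
                outcomes[(level, path)] = f"denied: {exc}"
    return outcomes


if __name__ == "__main__":
    for (level, path), outcome in run_demo().items():
        print(f"{level:10} {path:28} -> {outcome}")
```

The decision is made on the canonical path returned by `realpath()`, not on the string the user sent, which is why the whitelist comparison in `resolve_for_user` is what actually enforces the boundary; the extension check runs on the same resolved name so a suffix cannot be tampered with on the way in.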

Custom Framework Solution

<custom framework solutions here>

Custom Code Solution

<custom code solutions here>

Discussion / Controversy

<discussion / controversy tracking here>