This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Periodic Table of Vulnerabilities - Path Traversal

Revision as of 17:11, 23 July 2013 by James Landis (talk | contribs) (Posting on behalf of Rajat)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Return to Periodic Table Working View

Path Traversal

Root Cause Summary

File resources are accessed using, user-supplied data, allowing a malicious user to access files that he/she is not authorized to access.

Browser / Standards Solution

<browser/standards solutions here>

Perimeter Solution

· Canonicalize URLs and prevent directory access outside the web root.

Generic Framework Solution

· Provide safe libraries for accessing the file system that canonicalize path references and enforce proper access control.

· Provide a method that can compare the cononicalized path to a whitelist of paths that can be accessed by the user of the application for given access level of the application.

· Provide safe methods that do not let the file extension be tampered with of the intended resource input.

· Input validation to remove “..” from the user supplied data.

Custom Framework Solution

<custom framework solutions here>

Custom Code Solution

<custom code solutions here>

Discussion / Controversy

<discussion / controversy tracking here>