Free Trial
Under attack ?

What Is Directory Traversal?

What Is Directory Traversal?

What is Directory Traversal?

What is Directory Traversal

Directory traversal is also known as file path traversal. It is a web security flaw that enables an attacker to access any file on the server hosting an application. This may comprise sensitive operating system files, application code and data, and back-end system login information. In some circumstances, an attacker may be able to write arbitrary server files, which would give them the ability to change application data or behaviour and ultimately seize total control of the server.

What Is Remote File Inclusion (RFI)? How Does Remote File Inclusion Work?

The best approach to protect against file path traversal flaws is to never transmit user-supplied input to filesystem APIs. A lot of these application functions can be modified to give the same behaviour in a safer manner.

If passing user-supplied input to filesystem APIs is deemed necessary, then two lines of security should be combined to fend off attacks:

The user input should be verified by the application before processing it. The validation should, ideally, compare to a whitelist of authorized values. If the needed functionality prevents that, then the validation should ensure that the input only contains content that is allowed, such as only alphanumeric characters.

What Is Session Hijacking? How To Prevent Session Hijacking?

The application should append the input to the base directory after validating the provided input and use a platform filesystem API to canonicalize the path. It should ensure that the canonicalized path begins with the anticipated base directory.

Related Blog Post

DNS Security Extensions (DNSSEC) – Why Did The Need Arise For Its Implementation?

What is General Data Protection Regulation (GDPR)?

How Content Security Policy (CSP) Secures Web Clients?

What Is Swagger? How To Provide Security To Swagger?

What Is A Supply Chain Attack? How To Prevent Them?

Article Post

WAF Logging And Analysis For Continuous Security Enhancement

Safeguarding Application Against Massive Attacks

Securing Seamless Traffic Distribution On E-commerce Websites

Unveiling The Latest Enhancement In API Security

Prevention Of Attacks On Government Industry

Community Post

Why WAF Is Required?

Is WAF A Proxy Firewall?

What Are The Advantages Of WAF?

Can WAF Protect DDoS Attacks

What Are The Advantages Of WAF?

Facebook
Twitter
LinkedIn
Linkedin X-twitter Facebook-f Youtube

Recent Blog Posts

Cybersecurity Awareness Month 2025
Layer 7 Attack Recovery Guide Step by Step (2025)
Top 12 Features Every MSSP Needs in a WAAP Platform (2025 Guide)
Top 8 Cybersecurity Challenges Indian Enterprises Face in 2025
Best Tools to Identify Broken Access Control in APIs

WAF Solution

Recent Case Studies

Government Institution Fortifies Data Defenses with Prophaze

Government Institution Fortifies Data Defenses with Prophaze

December 14, 2023
Prophaze's WAF Redefines Aerospace Security Standards

Prophaze’s WAF Redefines Aerospace Security Standards

December 14, 2023
Industrial IoT Breach mitigated by Prophaze

Industrial IoT Breach Mitigated by Prophaze

December 14, 2023

Recent Press Releases

Prophaze gartner 2025 strong performer waap api

Prophaze Recognized as a Strong Performer in Gartner Peer Insights™ Voice of the Customer 2025 for Cloud Web Application and API Protection

October 6, 2025
Indo Pak Cyber Attacks

India Cyber Attack: 85 Million Malicious Requests Blocked by Prophaze

May 20, 2025
Intel Prophaze Partnership

Intel’s 4th Gen Processors Power Prophaze’s New Era of Smarter, Faster Security

January 23, 2025