What is Directory Traversal?
Directory Traversal is a web-based cyber attack that involves accessing files and directories not located under the root directory of a server. Also referred to as a path traversal or ../ (dot-dot-slash) attack, bad actors accomplish this exploit by manipulating file variables. When successful, characters representing “traverse to parent directory” pass through to the operating system’s file system API. In sum, that allows access to sensitive files. SonicWall’s 2021 Cyber Threat Report identifies this vulnerability as a rising concern, accounting for 34% of intrusion attempts in 2020.
How to Recognize This Threat: The simplest way to detect this vulnerability is to use some type of web vulnerability scanner. This automated scan will not only identify directory traversal vulnerabilities, but others as well. It will also provide suggested methods for fixing them.
How to Prevent This Threat: Unfortunately, just about any moderately advanced web application must include local resources, which give an attacker a chance to include an unauthorized file or remote resource to gain further access. In addition to shoring up any vulnerabilities identified via scan, a web application firewall provides a significant security boost against this and other web-based exploits.