directory traversal

Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Directory traversal attacks are commonly performed using Web browsers. Any server in which input data from Web browsers is not validated is vulnerable to this type of attack.

Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners.

Directory traversal is also known as directory climbing or backtracking.

Read more about directory traversal: - Imperva describes how directory traversal attacks are carried out. - Acunetix offers countermeasures to minimize a server's vulnerability to directory traversal attacks. - SearchSoftwareQuality.com offers a tip about understanding directory traversal attacks.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT How to defend against rogue DHCP server malware Rogue DHCP server malware is a new twist on an old concept. The good news is that defenses exist; the bad news is that many organizations haven't... New Trojan stealing FTP credentials, attacking FTP websites A new Trojan has collected up to 80,000 unique FTP server logins and is injecting malicious code into thousands of FTP websites. Cybercriminals exploit Michael Jackson, Farrah Fawcett deaths Security researchers report malicious spam, poisoned search engine results just hours after the deaths of pop star Michael Jackson and actress Farrah...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... government Trojan  (SearchSecurity.com) A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a...