directory traversal
Home > Security Definitions - Directory traversal
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

directory traversal


Word of the Day
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


DEFINITION -

Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Directory traversal attacks are commonly performed using Web browsers. Any server in which input data from Web browsers is not validated is vulnerable to this type of attack.

Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners.

Directory traversal is also known as directory climbing or backtracking.

LAST UPDATED: 09 May 2007

Read more about directory traversal:
- Imperva describes how directory traversal attacks are carried out.
- Acunetix offers countermeasures to minimize a server's vulnerability to directory traversal attacks.
- SearchSoftwareQuality.com offers a tip about understanding directory traversal attacks.


Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Microsoft Word zero-day being actively exploited
Attackers are actively targeting a flaw in Microsoft Word, according to Symantec.
New defenses for automated SQL injection attacks
By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. The old defenses...
Are there antivirus suites that pick up more than just run-of-the-mill viruses?
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bot worm  (SearchSecurity.com)
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself...
cache poisoning  (SearchSecurity.com)


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts