directory traversal
Home > Security Definitions - Directory traversal
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

directory traversal

Show me everything on Malware, Viruses, Trojans and Spyware


Word of the Day


DEFINITION -

Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Directory traversal attacks are commonly performed using Web browsers. Any server in which input data from Web browsers is not validated is vulnerable to this type of attack.

Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners.

Directory traversal is also known as directory climbing or backtracking.

Learn more about Malware, Viruses, Trojans and Spyware
Built-in Windows commands to determine if a system has been hacked: Ed Skoudis identifies five useful Windows command-line tools for machine analysis and discusses how they can assist administrators in determining if a machine has been hacked.
More built-in Windows commands for system analysis: Ed Skoudis defines five more useful Windows commands that can provide new insight into the realm of Windows analysis.
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Mini guide: How to remove and prevent Trojans, malware and spyware: Organizations need to learn how to implement proper protections and understand best practices for malware defense in order to keep their network environments secure. In this mini guide you will learn ...
Hacker attack techniques and tactics: Understanding hacking strategies: This guide provides you with a plethora of tips, expert advice and Web resources that offer more in-depth information about hacker techniques and various tactics you can employ to protect your ...
Spyware Protection and Removal Tutorial: This spyware protection and removal tutorial is a compilation of free resources that explain what spyware is, how it attacks and what you can to do to win the war on spyware.
Googling Security: How Much Does Google Know About You?: In an excerpt from Googling Security: How Much Does Google Know About You?, author Greg Conti explains how attackers exploit advertising networks to compromise end-user machines.

LAST UPDATED: 09 May 2007

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- Imperva describes how directory traversal attacks are carried out.
- Acunetix offers countermeasures to minimize a server's vulnerability to directory traversal attacks.
- SearchSoftwareQuality.com offers a tip about understanding directory traversal attacks.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
Malware in Google attacks uses spaghetti code
Coding technique designed to tie up reverse engineers has been used in the past, Symantec says.
Preparing for future security threats, evolving malware
Security expert Nick Lewis predicts how infosec threats will evolve in 2010. Luckily, enterprise defenses will evolve, too.
Facebook attacks prompt investments in social networking security
Social networks are opening their wallets in a big way to bolster security teams and install new security technologies to combat attacks.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
bot worm  (SearchSecurity.com)
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself...
government Trojan  (SearchSecurity.com)
A government Trojan is spyware installed on a computer or network by a law enforcement agency for the purpose of capturing information relevant to a...




Get More directory traversal Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2010, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts