cwong-scw / action-playground


erwefewfwef #3

Open cwong-scw opened 4 years ago

cwong-scw commented 4 years ago

ergerg cwe40 gewrge

dev-secure-code-warrior-pilot[bot] commented 4 years ago

Micro-Learning Topic: Path Traversal (CWE 40)

Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).

Identify and review file system interactions within the application and work out how the directory or file paths are being constructed. If any external inputs are used to build paths, inspect their data flows to see if any of them will allow path characters that may affect the final path accessed. These special path characters typically include dot (.), forward slash (/) and backslash (\).

Level-up your secure coding prowess with language and framework specific gamified training.


Thank you for participating in Secure Code Warrior Private Labs. Labs is where our more courageous warriors can play around with early releases of our new and exciting features.

secure-code-warrior-for-github[bot] commented 4 years ago

Micro-Learning Topic: Path Traversal (CWE 40)

Path traversal vulnerabilities occur when inputs that have not been sufficiently validated or sanitised are used to build directory or file paths. If an attacker can influence the path being accessed by the server, they may be able to gain unauthorised access to files or even execute arbitrary code on the server (when coupled with file upload functionality).

Identify and review file system interactions within the application and work out how the directory or file paths are being constructed. If any external inputs are used to build paths, inspect their data flows to see if any of them will allow path characters that may affect the final path accessed. These special path characters typically include dot (.), forward slash (/) and backslash (\).

Level-up your secure coding prowess with language and framework specific gamified training.


Thank you for participating in Secure Code Warrior Private Labs. Labs is where our more courageous warriors can play around with early releases of our new and exciting features.
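
The review step described in the bot comments above, shown as a containment check on the final resolved path rather than a filter on individual characters. This is an added example, not code from this repository or from Secure Code Warrior; `resolve_under`, `PathEscapeError` and the temporary directory tree are hypothetical names and constructed inputs, and it assumes a POSIX host where symlinks can be created.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """Raised when a requested name resolves outside the allowed base."""


def resolve_under(base_dir, user_name):
    """Return the real path of user_name inside base_dir, or raise."""
    if "\x00" in user_name:
        raise PathEscapeError("NUL byte in path")
    # Treat backslash as a separator too, so "..\\x" is handled the same
    # on a POSIX host as it would be on Windows.
    normalised = user_name.replace("\\", "/")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses "." and ".." and follows symlinks; an absolute
    # user path replaces base in the join and fails the check below.
    candidate = (base / normalised).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathEscapeError(f"{user_name!r} escapes {base}")
    return candidate


def demo():
    """Run constructed inputs against a temporary tree; return outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "uploads")
        base.mkdir()
        (base / "report.txt").write_text("ok")
        Path(root, "secret.txt").write_text("outside base")
        # Constructed case: a symlink inside base that points outside it.
        os.symlink(Path(root, "secret.txt"), base / "link.txt")
        samples = ["report.txt", "./sub/../report.txt", "../secret.txt", "..\\secret.txt",
                   "/etc/passwd", "link.txt", "uploads/../../secret.txt"]
        for name in samples:
            try:
                resolve_under(base, name)
                results[name] = "allowed"
            except PathEscapeError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{outcome:8}  {name}")
```

Note that `./sub/../report.txt` contains dots and slashes yet is allowed, while `link.txt` contains none and is rejected: the decision rests on where the path ends up, not on which characters it contains.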