Many file operations are intended to take placed within a restricted directory, however, the software does not properly neutralize special elements within a pathname which results in various security consequences. This course introduces ways to identify and mitigate this security weakness, referenced as CWE-22 by the 2020 CWE Top 25.
Learning Objectives
On successful completion of this course, learners should have the knowledge and skills to:
- Identify Path Traversal vulnerabilities
- Recognize the potential impact of this vulnerability
- Apply coding best practices to avoid attacks
- Find Path Traversal vulnerabilities in your applications source code
- Test your application to detect Path Traversal
Framework Connections
Specialty Areas
- Risk Management
- Software Development
Feedback
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.