[Owasp-Atlanta] Path Manipulation
Tony UcedaVelez
tonyuv at owasp.org
Thu Mar 1 01:04:52 UTC 2012
Application object reference whitelisting and file path whitelisting are
some immediate wins. System-level file structure hardening based upon the
actor that is making the calls to the presumably web file server would be
another route. That would be mostly handled at the OS level or the web
server/service configuration of the root web server or site. I would
begin by creating an application file system tree that reveals system/app
files associated with application calls in order to see what filepath calls
to compiled objects are being made. All of this assumes server-side path
references and not client-side. Hope this helps.
Tony UV
On Thu, Feb 16, 2012 at 2:39 PM, C.N.O <contila at yahoo.com> wrote:
>
>
> Good Day OWASPers,
> Hope all is well. I'm in the process of helping a client remediate some
> of the vulnerabilities unearthed through a static code scan (Fortify). One
> of the vulnerabilities that requires remediation is path manipulation.
>
> Do you have any ways/methods I can suggest to my client to remediate their
> path manipulation vulnerabilities?
> I thank you for your help in advance.
>
>
> Xavier.
--
Tony UcedaVelez
*Atlanta Chapter President*
*OWASP Atlanta*
http://www.owasp.org/index.php/Atlanta_Georgia
Twitter: *@versprite*
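
An added example, not part of the original message or any OWASP code: the two allowlisting approaches named in the reply above (object reference and file path), sketched in Python. The DOCUMENTS map, the function names and the file tree are assumptions constructed for illustration; the symlink case assumes a POSIX host.

```python
import os
import tempfile
from pathlib import Path

# Object reference allowlist (constructed entries): clients send a key, never a path.
DOCUMENTS = {"q1-report": "reports/q1.pdf", "user-guide": "docs/guide.pdf"}

class PathRejected(Exception):
    """The request does not map to an allowed file."""

def resolve_under(base_dir, user_path):
    """File path allowlist: canonicalize, then require the result under base_dir."""
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the containment check.
    candidate = (base / user_path).resolve()
    if base not in candidate.parents:
        raise PathRejected(f"path escapes base directory: {user_path!r}")
    if not candidate.is_file():
        raise PathRejected(f"not a regular file: {user_path!r}")
    return candidate

def resolve_reference(base_dir, key):
    """Map a client-supplied key to a file through the DOCUMENTS allowlist."""
    if key not in DOCUMENTS:
        raise PathRejected(f"unknown document reference: {key!r}")
    return resolve_under(base_dir, DOCUMENTS[key])

def demo():
    """Run sample requests against a constructed tree; return label -> outcome."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "webroot")
        (base / "reports").mkdir(parents=True)
        (base / "reports" / "q1.pdf").write_bytes(b"constructed sample")
        Path(root, "secret.txt").write_text("outside the web root")
        os.symlink(Path(root, "secret.txt"), base / "link.txt")
        requests = {
            "allowlisted key": (resolve_reference, "q1-report"),
            "unknown key": (resolve_reference, "../secret.txt"),
            "dot-dot path": (resolve_under, "../secret.txt"),
            "absolute path": (resolve_under, "/etc/passwd"),
            "symlink out of tree": (resolve_under, "link.txt"),
        }
        results = {}
        for label, (func, arg) in requests.items():
            try:
                results[label] = func(base, arg).name
            except PathRejected as exc:
                results[label] = f"rejected: {exc}"
        return results
```

Calling demo() returns one outcome per sample request; only the allowlisted key yields a file name.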