From the course: Secure Development, Programming, and Coding with Veracode
Directory traversal tutorial
- Understand how an attacker might perform a directory traversal exploit on a vulnerable application and be able to identify and remediate instances of this vulnerability. Directory traversal attacks can be performed in a variety of ways. The goal, however, is always the same, and that is to access restricted resources on a file system. Hello, my name is Kevin Richard and I'm a security researcher with Veracode. Today I'm here to provide a brief demonstration of the application security weakness called directory traversal. To do so, I'm going to use an application called VeraInsecure, a web app we're building to demonstrate a number of real security vulnerabilities. Let's get started. Take a look at the page on my screen. Here we have a simple form that prompts the user to choose a file from this drop-down box. Once the user does so and clicks Open File, the application will return that file's contents. As I will demonstrate, this page is vulnerable to a directory traversal attack…
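The pattern the transcript describes (a file name submitted from a form and used to open a file on the server), shown weak and hardened as an added example; it is not code from the course or from VeraInsecure. Python, the function names and the constructed directory layout are assumptions made for illustration.

```python
import os
import tempfile

def open_file_vulnerable(base_dir, name):
    # Weak form: the submitted name is joined to base_dir with no check at all.
    with open(os.path.join(base_dir, name), "rb") as f:
        return f.read()

def resolve_inside(base_dir, name):
    # Canonicalise both paths (symlinks and ".." resolved), then require the
    # result to be a file path strictly under the base directory.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PermissionError("path escapes base directory")
    return candidate

def open_file_hardened(base_dir, name, allowed):
    # The drop-down only constrains the browser, so re-check the name server-side.
    if name not in allowed:
        raise PermissionError("file not in allowlist")
    with open(resolve_inside(base_dir, name), "rb") as f:
        return f.read()

def rejected(func, *args):
    try:
        func(*args)
    except PermissionError:
        return True
    return False

def demo():
    # Constructed sample tree: docs/readme.txt is public, secret.txt is not.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.mkdir(docs)
        for path, text in ((os.path.join(docs, "readme.txt"), "public"),
                           (os.path.join(root, "secret.txt"), "restricted")):
            with open(path, "w") as f:
                f.write(text)
        allowed = {"readme.txt"}
        return {
            "vulnerable_read": open_file_vulnerable(docs, "../secret.txt"),
            "normal_read": open_file_hardened(docs, "readme.txt", allowed),
            "allowlist_blocks": rejected(open_file_hardened, docs, "../secret.txt", allowed),
            "containment_blocks": rejected(resolve_inside, docs, "../secret.txt"),
        }

if __name__ == "__main__":
    print(demo())
```

The allowlist and the containment check are independent layers: the second still holds if the set of permitted names later becomes dynamic.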