Live On November 30
6:00 PM IST, 1:00 PM PT, 10:00 AM PT
File path traversal, or directory traversal, is a treacherous adversary, capable of granting attackers unauthorized access to sensitive files. Our mission is to shield against this threat through stringent input validation and more, ensuring that user-provided file paths remain confined within their intended directory structures. Combining this with access control measures, such as ACLs and permissions, fortifies our defenses, guiding us safely through the complex terrain of file system security.
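The directory-confinement check the abstract above describes, written out as an added example in Python (this is not code from the webinar or from Manicode Security); the base directory and the request names are constructed for illustration:

```python
# Added example, not code from the webinar or from Manicode Security: keep a
# user-supplied file name inside the directory the application intends to serve.
from pathlib import Path
from typing import Optional


def resolve_within(base_dir: str, user_path: str) -> Optional[Path]:
    """Return the absolute path if it stays inside base_dir, otherwise None.

    base_dir is the directory the application means to serve from; user_path is
    the untrusted value (e.g. a query parameter). The OS path rules collapse '..',
    repeated separators and symlinks before the containment check is made.
    """
    if "\x00" in user_path:          # NUL bytes truncate paths in many C-level APIs
        return None
    base = Path(base_dir).resolve()
    # An absolute user_path replaces base in the join; resolve() then exposes it.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)  # raises ValueError once candidate has left base
    except ValueError:
        return None
    return candidate


def served_file(base_dir: str, user_path: str) -> Optional[str]:
    """String form of the resolved path, for logging or assertions."""
    resolved = resolve_within(base_dir, user_path)
    return None if resolved is None else str(resolved)


if __name__ == "__main__":
    # Constructed requests against a hypothetical uploads directory.
    BASE = "/srv/app/uploads"
    for name in ["report.pdf", "2023/q4.csv", "../../../etc/passwd",
                 "/etc/shadow", "a\x00.txt", "..\\..\\win.ini"]:
        # The last name shows that separator semantics are OS-specific: on POSIX
        # a backslash is an ordinary character, so validate on the target OS.
        print(repr(name), "->", served_file(BASE, name))
```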
Cross-site Scripting (XSS) is a persistent peril that exposes web applications to script injection attacks. Our strategy to protect against this vulnerability should encompass rigorous output encoding, HTML sanitization and input filtering. Also, by adopting robust Content Security Policy (CSP) headers, diligent input validation, and embracing modern security-focused frameworks, we can fortify our applications against XSS, ensuring they remain both functional and resilient in the ever-evolving landscape of web security.
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv.
Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.
Visit www.manicode.com to schedule an in-depth training course with Jim and crew.