eeldused
veebi- jt serverites eraldab avalikke faile
privaatsetest või süsteemifailidest
tihti ainult see, et
neid hoitakse eraldi kataloogis

olemus
ründaja püüab sobivalt adresseeritud päringuga
hüpata kõrgema taseme kataloogi ning
selle kaudu jõuda mitteavalike kataloogide ja failideni

ülevaateid
https://en.wikipedia.org/wiki/Directory_traversal_attack

https://www.acunetix.com/websitesecurity/directory-traversal/

https://www.owasp.org/index.php/Path_Traversal

https://www.youtube.com/watch?v=jJ0ijQ5pADE

https://hydrasky.com/network-security/directory-traversal-attacks/

https://www.htbridge.com/vulnerability/path-traversal.html

https://cwe.mitre.org/data/definitions/35.html

https://research.cs.wisc.edu/mist/SoftwareSecurityCourse/Chapters/3_3-Directory-Traversal.pdf

https://blog.secuna.io/hacking-applications-with-directory-traversal/

tõrje
https://image.slidesharecdn.com/yhj4fbjdqvsya0ocz383-signature-6fe2027c8f65735dd8da829282c0c957891ef6196788b5914b2e7cd19aab61a4-poli-151113151737-lva1-app6891/95/hack-fix-hands-on-coldfusion-security-training-26-638.jpg

http://www.dummies.com/programming/networking/how-to-detect-and-prevent-directory-traversal-hacks/

http://www.techpaste.com/2015/02/stop-file-path-traversal-attack-apache/

https://www.whitehatsec.com/blog/path-traversal-attack-solutions/

https://arxiv.org/pdf/1908.04502.pdf