Directory Traversal (or also known as file path traversal) is a vulnerability that allows an attacker to read arbitrary files on the server that is running the application. This includes files that contain credentials, system configuration and application code. In some cases, not only could you read arbitrary files, but you could also write to arbitrary files which usually leads to a full system compromise. Therefore, mastering the ability to identify and exploit directory traversal vulnerabilities has become an essential and foundational skill.
In this course, we dive into the technical details behind directory traversal vulnerabilities, how to find these types of vulnerabilities from a black-box and white-box perspective and the different ways to exploit these types of vulnerabilities. We also cover prevention and mitigation techniques that you can use to prevent directory traversal vulnerabilities.
This is not your average course that just teaches you the basics. It's the perfect mix of theory and practice! The course contains 6 hands-on labs of varying difficulty levels that teach you how to first manually exploit the vulnerability and then how to script/automate your exploit in Python.
If you're a penetration tester, application security specialist, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!
Who this course is for:
- Penetration testers that want to understand how to find and exploit directory traversal vulnerabilities.
- Software developers that want to understand how to defend against directory traversal vulnerabilities.
- Bug bounty hunters that want to understand how to find and exploit directory traversal vulnerabilities.
- Individuals preparing for the Burp Suite Certified Practitioner (BSCP) exam.
- Individuals preparing for the OSWE certification.
Rana Khalil is an accomplished Application Security Engineer currently steering the digital safety ship in Canada's dynamic public and private sectors. With her cutting-edge expertise, she's not only securing applications, but also shaping the future of cybersecurity across the nation.
She holds a Bachelor's and Master’s degree in Computer Science and is OSCP certified. She has spoken about her research at various local and international conferences, and received several awards and honorable mentions for her contributions to the cybersecurity community.
Rana has also founded her own online academy where she teaches web application penetration testing. Her mission? To make cybersecurity education affordable and keep the digital frontier safe, one application at a time.