FBI and CISA tell devs to crack down on security issues before releasing

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), published a new joint security alert earlier this week, urging software developers to keep path traversal in mind when developing software products.

Path traversal is a software vulnerability also known as directory traversal, or directory climbing. By abusing this flaw, threat actors can access sensitive files and directories. The hole typically arises in web applications or systems that dynamically construct file paths based on user input without properly validating or sanitizing it. 

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *