Path traversal attacks are a typical attack vector that compromises the security of APIs and web applications. It’s an injection attack where the perpetrator tries to access or modify private files on the web server. I recently wrote a guest post for StackHawk about path traversal attacks in PHP applications built with the Laravel framework. In the piece, I discuss what path traversal attacks are, how they occur, and how to prevent them. It was the second piece I wrote for StackHawk after covering CORS in Laravel applications.
API security (and web application security in general) is a crucial topic if you care about the integrity of your systems and the privacy of your users. And still, things go wrong, so it’s necessary to raise more awareness, which I’m happy to do.
Disclosure: This work was paid for by StackHawk.