Back to all learning paths
APPRENTICE

Server-side vulnerabilities

This learning path introduces you to a range of common server-side vulnerabilities. This is perfect if you're new to web security and want to get an overview of the kinds of vulnerabilities that exist, as well as how an attacker might identify and exploit them in real-world systems.

Contents

Get started: What is path traversal?

0 of 52

GET STARTED


Path traversal Path traversal (also known as directory traversal) vulnerabilities enable an attacker to interact with arbitrary files on the server, giving them access to sensitive data. If they can also write to these files, they can potentially modify application data or behavior, ultimately taking full control of the server. 0 of 3



Access control Access controls are designed to prevent users from interacting with data or functionality for which they don't have the relevant permissions. Due to the obvious security impact, broken access controls are critical bugs in their own right. They often also provide access to more attack surface, which could contain additional vulnerabilities. 0 of 12



Authentication Authentication is the process of checking that a user really is who they claim to be. For example, a login form where you enter your username and password is one form of authentication mechanism. Flawed authentication mechanisms may allow an attacker to guess valid sets of credentials by automating thousands of login attempts using specialist tools like Burp Intruder. 0 of 10



Server-side request forgery (SSRF) SSRF vulnerabilities enable an attacker to trigger malicious server-to-server requests to unintended URLs. As the server issuing the request is likely to have a strong trust relationship with other systems on the network, the attacker can potentially abuse this behavior to access data, functionality, and services that are not meant to be exposed to external users. 0 of 6



File upload vulnerabilities Any functionality that enables users to upload files to the server's filesystem are inherently dangerous. Failing to enforce proper restrictions on the files that users are allowed to upload can potentially enable an attacker to run arbitrary system commands, giving them full control over the server. 0 of 9



OS command injection Command injection vulnerabilities enable an attacker to execute arbitrary operating system (OS) commands on the server. This gives them full control over the server, compromising the application and all of its data. 0 of 5



SQL injection SQL injection is a classic vulnerability that is responsible for many high-profile data breaches. It enables an attacker to interfere with the queries the application issues to its database, potentially returning sensitive data from arbitrary tables within the database. 0 of 7