
Improving Web Application Security: Threats and Countermeasures by Microsoft Corporation


Step 11. Sites and Virtual Directories

Relocate Web roots and virtual directories to a non-system partition to protect against directory traversal attacks. These attacks allow an attacker to execute operating system programs and utilities. Because it is not possible to traverse across drives, this approach ensures that any future canonicalization worm that allows an attacker to access system files will fail. For example, if the attacker formulates a URL that contains the following path, the request fails:

/scripts/..%5c../winnt/system32/cmd.exe
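
The following is an added example, not code from the book. It canonicalizes the request path shown above the way a Windows path resolver would and compares the result for a Web root on the system volume and on a separate volume. The physical roots C:\inetpub\scripts and D:\inetpub\scripts and the system drive C: are assumed values.

```python
import ntpath
from urllib.parse import unquote

# Constructed sample: the request path quoted in the text above.
SAMPLE = "/scripts/..%5c../winnt/system32/cmd.exe"

def decode_fully(url_path, max_rounds=5):
    """Percent-decode until stable so double encoding (%255c) is unwrapped too."""
    for _ in range(max_rounds):
        decoded = unquote(url_path)
        if decoded == url_path:
            break
        url_path = decoded
    return url_path

def assess(url_path, vdir_url, vdir_root, system_drive="C:"):
    """Map a request under a virtual directory to a Windows physical path.

    Models relative ".." traversal only. vdir_root and system_drive are
    assumed values for illustration, not settings taken from the book.
    """
    decoded = decode_fully(url_path)
    if not decoded.lower().startswith(vdir_url.lower()):
        raise ValueError("request is not under the virtual directory")
    # Treat "/" and "\" alike, as Windows path handling does.
    rel = decoded[len(vdir_url):].replace("/", "\\").lstrip("\\")
    physical = ntpath.normpath(ntpath.join(vdir_root, rel))
    root = ntpath.normcase(ntpath.normpath(vdir_root))
    inside = ntpath.normcase(physical) == root or \
        ntpath.normcase(physical).startswith(root + "\\")
    drive = ntpath.splitdrive(physical)[0]
    return {
        "physical": physical,
        "escapes_root": not inside,
        "on_system_drive": drive.upper() == system_drive.upper(),
    }

if __name__ == "__main__":
    for root in (r"C:\inetpub\scripts", r"D:\inetpub\scripts"):
        print(root, "->", assess(SAMPLE, "/scripts", root))
```

In both cases the path escapes the Web root, which is worth flagging in request logs, but only the root on the system volume resolves to a path on the drive that holds the operating system binaries.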

During this step, you:

  • Move your Web site to a non-system volume.

  • Disable the parent paths setting.

  • Remove potentially dangerous virtual directories.

  • Remove or secure RDS.

  • Set Web permissions.

  • Remove or secure ...
