How to Protect the File System from Your App with WAFs and RASP


The tCell team at Rapid7 has always been a big believer in the power of protecting applications "from within" (aka RASP) as a game-changing way of protecting applications in production. We're excited to be able to offer a new protection that addresses a large category of attacks in which the application itself is used to compromise the local file system.


Everyone knows that if the host of an application is compromised, the application can be compromised, so it's no surprise that securing hosts through access controls, network segregation and similar measures is usually at the top of the security to-do list. What people often overlook, however, is how the application itself can be a threat to the host (and, in turn, to the entire infrastructure). One very common category of vulnerability is rooted in how an application accesses the file system: the application process typically runs with read (and often write) access to far more of the disk than the web root, so unauthorized reads and writes to local files via that process can have catastrophic consequences.


The application threats that lead to compromising local files


Typically, two types of appsec threats come to mind when it comes to compromising local files: Local File Inclusion and Directory Traversal.


Local File Inclusion is when a web application is tricked into loading a local file it should not, so that the file's contents (or, for files the runtime interprets, the result of executing them) end up in the HTTP response. A typical example is when local files are used as part of the response logic of the application, with the file name taken from the request. Consider this HTTP GET request:


https://vuln.tcell.io/?file=mydoc.html


If the developer failed to sanitize the input, the following could return a ..
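The request above, worked through as an added Python example (this is not code from the original post or from tCell): a file-serving handler that joins the user-supplied `file` parameter onto the document root without checking it, beside a hardened version that canonicalises the path and refuses anything that resolves outside the root. The directory layout, file names and file contents are constructed for the demo.

```python
import os
import tempfile
from pathlib import Path

# Constructed layout for the demo (an assumption, not from the original post):
#   <sandbox>/public/mydoc.html   the file the app is meant to serve
#   <sandbox>/secret.txt          a file outside the web root
SANDBOX = Path(tempfile.mkdtemp(prefix="lfi_demo_"))
DOC_ROOT = SANDBOX / "public"
DOC_ROOT.mkdir()
(DOC_ROOT / "mydoc.html").write_text("<h1>My document</h1>")
(SANDBOX / "secret.txt").write_text("db_password=hunter2")


def read_file_vulnerable(name: str) -> str:
    """Serve ?file=<name> the way an unsanitised handler does.

    os.path.join does not neutralise '..' segments, and if `name` is an
    absolute path it silently discards DOC_ROOT altogether.
    """
    path = os.path.join(DOC_ROOT, name)
    with open(path, encoding="utf-8") as f:
        return f.read()


def resolve_inside_root(name: str) -> Path:
    """Map a user-supplied name to a path that is provably under DOC_ROOT.

    resolve() canonicalises '.', '..' and symlinks, so a symlink inside the
    root that points outside it is rejected as well.
    """
    root = DOC_ROOT.resolve()
    try:
        candidate = (root / name).resolve()  # an absolute `name` replaces root here too
    except (ValueError, OSError) as exc:  # malformed names, e.g. embedded NUL
        raise PermissionError(f"invalid file name: {name!r}") from exc
    if root not in candidate.parents:
        raise PermissionError(f"path escapes document root: {name!r}")
    if not candidate.is_file():
        raise FileNotFoundError(name)
    return candidate


def read_file_hardened(name: str) -> str:
    """The same handler, serving only files that resolve under DOC_ROOT."""
    return resolve_inside_root(name).read_text(encoding="utf-8")


def is_blocked(name: str) -> bool:
    """True if the hardened handler refuses the name outright."""
    try:
        read_file_hardened(name)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    for name in ["mydoc.html", "../secret.txt", str(SANDBOX / "secret.txt")]:
        try:
            served = read_file_vulnerable(name)
        except OSError as exc:
            served = f"error: {exc}"
        print(f"{name!r:>45}  vulnerable serves {served!r}  hardened blocks: {is_blocked(name)}")
```

Both the `../` and the absolute-path inputs read `secret.txt` through the vulnerable handler, while the hardened one rejects them and still serves `mydoc.html`. Note that the hardened version only constrains which path is opened; it does nothing about what the process is *allowed* to open, which is exactly the gap that host-level controls and RASP-style file-access monitoring are meant to close.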
