I am playing with a simple webserver in AutoHotkey: Sparrow. It is immune to path traversal attacks. As long as I don't run any unsanitized code from the client side, is there any other basic attack to watch out for, like the path traversal attack?

+1  A: 

Your question is a bit awkward. Not sanitizing user input is what causes vulnerabilities like Directory Traversal. The whole point is that your server is accepting the most malformed tainted data that a user could produce and the application is expected to make it safe.

There is something called a web application firewall, which can block many different types of attacks before they reach the web application. A more secure setup than Sparrow would be Apache with Mod_Security. Mod_Security prevents hundreds of different types of attacks against web applications, including Directory Traversal and the majority of the OWASP Top 10. The OWASP Top 10 is a great resource; I highly recommend it.

Rook
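As an added illustration of the point above that the server itself has to make tainted request data safe (this is not code from the answer or from Sparrow): a strict request-path resolver for a small static file server, written in Python rather than AutoHotkey. The function name `resolve_request_path` and the document root `/srv/www` are assumptions made for the example.

```python
import os
from urllib.parse import unquote

# Constructed document root for this example (assumption, not Sparrow's layout).
DOC_ROOT = os.path.realpath("/srv/www")


def resolve_request_path(raw_target, doc_root=DOC_ROOT):
    """Map a request target to a path inside doc_root, or return None to refuse."""
    # Drop the query string and fragment; only the path selects a file.
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    # Percent-decode exactly once, before any checks, so that encoded
    # separators and dots are seen in their decoded form.
    path = unquote(path)
    # Strict policy: a '%' left after one decode means double encoding.
    if "%" in path:
        return None
    # NUL and other control characters never belong in a file name.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        return None
    # Treat backslashes as separators so Windows-style paths get the same checks.
    path = path.replace("\\", "/")
    parts = [p for p in path.split("/") if p not in ("", ".")]
    for part in parts:
        # Refuse parent references, and colons (drive letters, NTFS streams).
        if part == ".." or ":" in part:
            return None
    # Resolve symlinks, then confirm the result is still under doc_root.
    candidate = os.path.realpath(os.path.join(doc_root, *parts))
    if os.path.commonpath([candidate, doc_root]) != doc_root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request targets.
    for target in ["/index.html", "/css/./site.css?v=2", "/../etc/passwd",
                   "/%2e%2e/%2e%2e/etc/passwd", "/%252e%252e/secret",
                   "/..%5c..%5cwindows/win.ini", "/file.txt%00.jpg"]:
        print(f"{target!r:35} -> {resolve_request_path(target)}")
```

The final `commonpath` check is what catches a symlink inside the document root that points outside it; the earlier segment checks alone would not.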