I am playing with a simple webserver in AutoHotkey: Sparrow. It is immune to path traversal attacks. As long as I don't run any unsanitized code from the client side, is there any other basic attack to watch out for, like the path traversal attack?
+1
A:
Your question is a bit awkward. Not sanitizing user input is what causes vulnerabilities like Directory Traversal. The whole point is that your server is accepting the most malformed tainted data that a user could produce and the application is expected to make it safe.
There is something called a web application firewall which can block many different types of attacks before they reach the web application. A more secure setup than Sparrow would be Apache with Mod_Security. Mod_Security prevents hundreds of different types of attacks against web applications, including Directory Traversal and the majority of the OWASP Top 10. The OWASP Top 10 is a great resource; I highly recommend it.
Rook
2010-01-17 20:25:43
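An added example, not part of the answer above or of Sparrow's code: one way a file-serving handler can make a tainted request path safe before opening anything, shown in Python rather than AutoHotkey. The names `resolve_request_path` and `UnsafePath` are hypothetical, and the request paths in the demo are constructed inputs.

```python
import os
from urllib.parse import unquote


class UnsafePath(ValueError):
    """Raised when a request path must not be served."""


def resolve_request_path(doc_root, url_path):
    """Map a raw request path to a file under doc_root, or raise UnsafePath."""
    # Drop the query string and fragment, then percent-decode exactly once.
    # Decoding once means a double-encoded "%252e%252e" stays a literal
    # directory name instead of turning into "..".
    raw = url_path.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(raw)

    # A NUL byte can truncate the name in lower-level file APIs.
    if "\x00" in decoded:
        raise UnsafePath("NUL byte in path")

    # On Windows hosts a backslash is also a separator, and a colon can
    # introduce a drive letter or an alternate data stream.
    decoded = decoded.replace("\\", "/")
    if ":" in decoded:
        raise UnsafePath("colon in path")

    # Canonicalise first (resolves "..", ".", and symlinks), then verify
    # that the result is still inside the document root.
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath("path escapes document root")
    return candidate


if __name__ == "__main__":
    # Constructed sample requests against a constructed document root.
    for path in ["/index.html", "/css/site.css?v=1", "/%2e%2e/%2e%2e/etc/passwd",
                 "/..%5c..%5cboot.ini", "/a%00.txt"]:
        try:
            print("serve ", resolve_request_path("www", path))
        except UnsafePath as exc:
            print("reject", repr(path), "-", exc)
```

The containment check is done on the canonical path, after decoding, so encoded and backslash variants are rejected by the same comparison as a plain `../`.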