Web Security

Path Traversal

A path traversal attack (also known as directory traversal) uses sequences like ../ to navigate outside the intended directory on a web server and access files that should be restricted. Attackers can read configuration files, private keys, or source code outside the web root. It is often the first step before local file inclusion (LFI) or remote code execution (RCE). Prevention requires canonicalizing file paths before use and rejecting paths containing directory traversal sequences.
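The canonicalize-then-check step described above, as an added example (not code from this glossary or any particular framework). The names safe_resolve and TraversalError, the directory layout and the sample requests are constructed for illustration; the check rejects any request whose resolved location falls outside the base directory.

```python
import os
import tempfile
from urllib.parse import unquote

class TraversalError(ValueError):
    """Raised when a requested path resolves outside the base directory."""

def safe_resolve(base_dir: str, requested: str) -> str:
    """Return the canonical path of `requested` under `base_dir`, or raise."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and follows symlinks, so the comparison below
    # sees where the file really lives. An absolute `requested` replaces
    # `base` in the join and then fails the same comparison.
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components; a plain startswith() would
    # accept a sibling such as "webroot_old" for the base "webroot".
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"{requested!r} escapes the base directory")
    return candidate

def demo() -> dict:
    """Classify constructed sample requests against a temporary web root."""
    samples = ["img/logo.png", "../secret.key", "..%2fsecret.key",
               "/etc/passwd", "img/link", "../webroot_old/db.sql"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "webroot")
        os.makedirs(os.path.join(root, "img"))
        secret = os.path.join(tmp, "secret.key")  # lives outside the web root
        for path in (os.path.join(root, "img", "logo.png"), secret):
            with open(path, "w") as fh:
                fh.write("constructed sample file\n")
        # A symlink inside the web root that points outside it.
        os.symlink(secret, os.path.join(root, "img", "link"))
        for raw in samples:
            try:
                # Decode once, as a web framework does before the handler runs.
                safe_resolve(root, unquote(raw))
                results[raw] = "allowed"
            except ValueError:
                results[raw] = "blocked"
    return results

if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{verdict:8} {request}")
```

The symlink and sibling-directory samples contain no ../ after joining, which is why the decision is made on the canonical path rather than on the raw string.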

Why it matters for your website

  • Listed in the OWASP Top 10 — one of the most critical web risks
  • Can lead to data exfiltration, account takeover, or full system compromise
  • Required to fix before passing security reviews for enterprise customers
