SBD-ALERT-4—Eliminating Directory Traversal Vulnerabilities
Control Description
CISA Secure by Design Alert (May 2, 2024): Technology manufacturers should eliminate directory traversal vulnerabilities (CWE-22) from their products by using safe file access APIs, canonicalizing file paths before use, implementing chroot or container-based isolation, and validating that resolved paths remain within expected directories.
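The canonicalize-then-validate step named above, as an added example (not code from the CISA alert or from this catalog). The names `resolve_within` and `PathEscapeError` and the directory layout are constructed for illustration.

```python
import os
import tempfile


class PathEscapeError(ValueError):
    """Raised when a requested path resolves outside the base directory."""


def resolve_within(base_dir, user_path):
    """Canonicalize base_dir/user_path and confirm it stays inside base_dir."""
    if "\x00" in user_path:
        raise PathEscapeError("NUL byte in path")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks. An absolute user_path
    # replaces base inside join(); the containment check below rejects it.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so <root>/files_evil is not
    # mistaken for a child of <root>/files as a startswith() test would be.
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscapeError(f"{user_path!r} resolves outside {base_dir!r}")
    return candidate


def demo():
    """Build a constructed directory tree and classify sample requests."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "files")
        sibling = os.path.join(root, "files_evil")  # shares a string prefix
        os.makedirs(os.path.join(base, "docs"))
        os.makedirs(sibling)
        for p in (os.path.join(base, "docs", "a.txt"),
                  os.path.join(sibling, "s.txt")):
            open(p, "w").close()
        os.symlink(sibling, os.path.join(base, "link"))  # symlink leaving base
        requests = {"docs/a.txt": "docs/a.txt",
                    "docs/../docs/a.txt": "docs/../docs/a.txt",
                    "../files_evil/s.txt": "../files_evil/s.txt",
                    "link/s.txt": "link/s.txt",
                    "<absolute>": os.path.join(sibling, "s.txt")}
        for label, req in requests.items():
            try:
                resolve_within(base, req)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "denied"
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{verdict:8} {label}")
```

The check and the later open are separate steps, so a path that can be changed in between (for example a symlink swapped in a writable directory) can still escape; the chroot or container isolation listed in the control covers that gap.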