Web application attacks were analyzed in a recent report by Edgio. The report found that the most prevalent attack mitigated was path traversal. A successful path traversal attack allows a threat actor to access files on a web server, and has surpassed the prior #1 threat, SQL injection, a common attack vector that often uses malicious SQL statements to attempt to exfiltrate sensitive data from databases behind applications.
The report found that the path traversal attacks can lead to deep system intrusions posing a significant threat to an organization’s infrastructure and the confidentiality, integrity and availability of data delivered over the Internet. These attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, or even remote code execution. Unmitigated attacks can lead to even more serious consequences, such as the deployment of ransomware or other malicious software.