looking at holes within the security. In other words, if you want to poke around a system, look

for the obvious, visible openings before engaging in actually attacking the security of the system.

I look at this as being given access instead of gaining unauthorized access, which legally, is a

big difference. Now I am not a lawyer, but these are two completely different things in my

Basic directory transversal involves seeing what directories are publicly accessible without

"breaking into" anything. More advanced forms of directory transversal involve using these

basic principles to slide through security by using things like "/../" and hex codes to try and fool

the software into allowing you access to directories that were not intended to be accessible.

But let's stick to the basics for now. For example, depending on the type of web server

running, you are probably familiar with the fact that there is a specific default directory structure

that usually contains at least one subfolder called "images". No HTML is usually store

There is a lot that you can do to find the directory structure of the site, and I will leave that for a

are not. During your normal browsing of a site, or your intentional targeting of a site, notice the

we (and should we) be prosecuted? Were any laws technically or even ethically broken? Is

be moved into the root directory. The really fun stuff is finding a "secret" page that some 31337

They may not be listed on the home page, or linked to from any other page on the entire site.

insufficient security by their own lack of ability? I think that if something is so important that you

accounts removed for turning in a prize claim or contest entry before the page has been

Some common words found in the essay are:
, publicly accessible, directory structure, directory structure site, structure site, site notice, directory transversal, home page, unauthorized access,
Approximate Word count = 781
Approximate Pages = 3 (250 words per page double spaced)