Exploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTV

In this video, we explore a powerful yet often overlooked web vulnerability known as Client-Side Path Traversal (CSPT). Using the CSPT Playground by DNSsec, we demonstrate how attackers can exploit insecure client-side logic to manipulate path parameters, bypass access controls, and potentially trigger dangerous POST requests — even with authentication tokens like JWT or CSRF included. We walk through a practical attack scenario, explain how CSPT can be chained with other vulnerabilities like CSRF, and highlight why traditional defenses like same-site cookies may fall short. Most importantly, we discuss critical remediation strategies, including backend JSON schema enforcement, frontend input sanitization, and improving security in API client libraries. This deep dive into CSPT will help developers and security researchers better understand and defend against this subtle yet serious threat.

Exploiting and Fixing Client-Side Path Traversal (CSPT) Vulnerabilities | CyberSecurityTV

In this video, we explore a powerful yet often overlooked web vulnerability known as Client-Side Path Traversal (CSPT). Using the CSPT Playground by DNSsec, we demonstrate how attackers can exploit insecure client-side logic to manipulate path parameters, bypass access controls, and potentially trigger dangerous POST requests — even with authentication tokens like JWT or CSRF included. We walk through a practical attack scenario, explain how CSPT can be chained with other vulnerabilities like CSRF, and highlight why traditional defenses like same-site cookies may fall short. Most importantly, we discuss critical remediation strategies, including backend JSON schema enforcement, frontend input sanitization, and improving security in API client libraries. This deep dive into CSPT will help developers and security researchers better understand and defend against this subtle yet serious threat.