Canonicalization Attack

A canonicalization attack is a cyberattack method in which the attacker substitutes various inputs for the canonical name of a path or file. Typically exploited by entering the file path in an input field or webpage or part of a URL, canonical attacks enable attackers to access unauthorized files and directories on a web server. One method of a canonicalization attack is when an attacker encodes input before it is sent to the application for further processing, enabling the attacker to evade a system’s input validation and output encoding controls.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.