Customizing the Look of Error Messages in JSP , DrewFalkman.com

http://www.drewfalkman.com/resources/CustomErrorPages.cfm

ColdFusion Custom Error Pages

http://livedocs.macromedia.com/coldfusion/6/Developing_ColdFusion

_MX_Applications_with_CFML/Errors6.htm

Obfuscators :

JAVA

http://www.cs.auckland.ac.nz/~cthombor/Students/hlai/hongying.pdf

5.3  Path Traversal

The Path Traversal attack technique forces access to files,

directories, and commands that potentially reside outside the web

document root directory. An attacker may manipulate a URL in such a

way that the web site will execute or reveal the contents of arbitrary

files anywhere on the web server. Any device that exposes an HTTP 

based interface is potentially vulnerable to Path Traversal.

Most web sites restrict user access to a specific portion of the file 

system, typically called the  web document root  or  CGI root 

directory. These directories contain the files intended for user access

and the executables necessary to drive web application functionality.

To access files or execute commands anywhere on the file system,

Path Traversal attacks will utilize the ability of special characters

sequences.

The most basic Path Traversal attack uses the  ../  special 

character sequence to alter the resource location requested in the

URL. Although most popular web servers will prevent this technique

from escaping the web document root, alternate encodings of the

 ../  sequence may help bypass the security filters. These method

variations include valid and invalid Unicode encoding ( ..%u2216  or

51

Copyright 2004, Web Application Security Consortium. All rights reserved.