278 CHAPTER 10 ASP.NET security

The next section addresses a problem similar to two we've already covered: path canonicalization. It is subtle to catch, but it can produce dangerous vulnerabilities. Let's take a look at how to prevent them.

10.5 Controlling path composition: path canonicalization vulnerabilities

Path canonicalization vulnerabilities are to file access what SQL injection is to SQL queries. Canonicalization is, in general, a process for converting data into a canonical (or standard) form. Applied to a path, it refers to the action that builds the path in a safe form. This process is shown in figure 10.9.

Figure 10.9 A request carrying the path ..\..\..\..\windows\(...)\applicationHost.config reaches ReadFile(...), and the processing returns the file's contents (<configuration> ... </configuration>).
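The following C# example is added here and is not code from the book: it shows the unsafe composition that figure 10.9 illustrates (a request value appended to a base directory) next to a hardened version that canonicalizes the result with Path.GetFullPath and rejects anything that resolves outside the intended directory. The base directory and the sample inputs are constructed for illustration.

```csharp
using System;
using System.IO;

// Added example (not from the book): resolving a user-supplied file name
// against a fixed base directory and rejecting anything that canonicalizes
// outside it. The base directory and inputs below are constructed.
public static class SafePath
{
    // Vulnerable form: the request value is appended without canonicalization,
    // so "..\" segments walk out of the intended directory.
    public static string UnsafeResolve(string baseDir, string userPath)
    {
        return baseDir + Path.DirectorySeparatorChar + userPath;
    }

    // Hardened form: canonicalize first, then compare against the canonical base.
    // Returns null when the resolved path leaves baseDir.
    public static string SafeResolve(string baseDir, string userPath)
    {
        // Canonical base directory with a trailing separator, so that
        // "C:\app\files" does not also match a sibling such as "C:\app\files2".
        string baseFull = Path.GetFullPath(baseDir);
        if (!baseFull.EndsWith(Path.DirectorySeparatorChar.ToString()))
            baseFull += Path.DirectorySeparatorChar;

        // Path.Combine returns userPath unchanged when it is rooted (starts with
        // a drive letter or a separator), so the prefix check below is what
        // actually enforces containment, not Combine itself.
        string candidate = Path.GetFullPath(Path.Combine(baseFull, userPath));

        // Windows file names are case-insensitive; compare ordinally, ignoring case.
        if (!candidate.StartsWith(baseFull, StringComparison.OrdinalIgnoreCase))
            return null;

        return candidate;
    }

    public static void Main()
    {
        string baseDir = @"C:\inetpub\app\files";   // constructed
        string[] inputs =
        {
            @"report.txt",                          // legitimate file name
            @"..\..\..\secret.txt",                 // traversal attempt (constructed)
            @"C:\somewhere\else\file.txt",          // rooted input: Path.Combine drops baseDir
            @"sub\..\..\other.txt",                 // traversal hidden behind a subdirectory
        };

        foreach (string input in inputs)
        {
            Console.WriteLine("input:  " + input);
            Console.WriteLine("unsafe: " + UnsafeResolve(baseDir, input));
            Console.WriteLine("safe:   " + (SafeResolve(baseDir, input) ?? "REJECTED"));
            Console.WriteLine();
        }
    }
}
```

Path.GetFullPath collapses the "." and ".." segments and normalizes separators, so the comparison is made on the canonical form rather than on the raw request string. The trailing separator on the base directory matters: without it a prefix test would accept a sibling directory whose name merely starts with the base name, and the rooted-input case shows why Path.Combine alone cannot be relied on for containment.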