Overview
Explore the hidden dangers of XML External Entities (XXE) attacks in this informative conference talk by Timothy Morgan. Delve into the pervasive use of eXtensible Markup Language (XML) in software projects and uncover the security vulnerabilities inherent in its design, particularly in inline schemas and document type definitions (DTDs). Discover a collection of exploitation techniques for XXE vulnerabilities, including novel approaches for file content theft, arbitrary data transmission to internal TCP services, and unauthorized file uploads. Learn about potential denial of service attacks and gain valuable insights into the overall risks associated with XXE attacks. Acquire recommendations for developers and XML library implementors to enhance security and prevent these attacks, ultimately raising awareness about this critical cybersecurity issue.
Syllabus
What You Didn't Know About XML External Entities Attacks - Timothy Morgan
Taught by
OWASP Foundation