Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

XML External Entities Attacks - Advanced Exploitation Techniques

OWASP Foundation via YouTube

Overview

Explore the hidden dangers of XML External Entities (XXE) attacks in this informative conference talk by Timothy Morgan. Delve into the pervasive use of eXtensible Markup Language (XML) in software projects and uncover the security vulnerabilities inherent in its design, particularly in inline schemas and document type definitions (DTDs). Discover a collection of exploitation techniques for XXE vulnerabilities, including novel approaches for file content theft, arbitrary data transmission to internal TCP services, and unauthorized file uploads. Learn about potential denial of service attacks and gain valuable insights into the overall risks associated with XXE attacks. Acquire recommendations for developers and XML library implementors to enhance security and prevent these attacks, ultimately raising awareness about this critical cybersecurity issue.

Syllabus

What You Didn't Know About XML External Entities Attacks - Timothy Morgan

Taught by

OWASP Foundation

Reviews

Start your review of XML External Entities Attacks - Advanced Exploitation Techniques

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.