XML External Entities Attacks - Advanced Exploitation Techniques

Overview

Explore the hidden dangers of XML External Entities (XXE) attacks in this informative conference talk by Timothy Morgan. Delve into the pervasive use of eXtensible Markup Language (XML) in software projects and uncover the security vulnerabilities inherent in its design, particularly in inline schemas and document type definitions (DTDs). Discover a collection of exploitation techniques for XXE vulnerabilities, including novel approaches for file content theft, arbitrary data transmission to internal TCP services, and unauthorized file uploads. Learn about potential denial of service attacks and gain valuable insights into the overall risks associated with XXE attacks. Acquire recommendations for developers and XML library implementors to enhance security and prevent these attacks, ultimately raising awareness about this critical cybersecurity issue.

Syllabus

What You Didn't Know About XML External Entities Attacks - Timothy Morgan

Taught by

OWASP Foundation

Reviews

Start your review of XML External Entities Attacks - Advanced Exploitation Techniques

100 Most Popular Courses For October

Most common

Popular subjects

Popular courses

XML External Entities Attacks - Advanced Exploitation Techniques

Overview

Syllabus

Taught by

Reviews

100 Most Popular Courses For October

Taught by

OWASP Top 10 - A4:2017 - XML External Entities

OWASP Top 10 - A05:2021 - Security Misconfiguration

XML External Entity Injection

Remediating XML External Entity Injection - Cyber Security Tutorial

FileCry - The New Age of XXE

From DTD to XXE - An Evaluation of XML Parsers

Never Stop Learning.