Abusing XSLT for Practical Attacks
Offered By: Black Hat via YouTube
Course Description
Overview
Explore how XSLT can be exploited for practical attacks in this 44-minute Black Hat conference talk by Fernando Arnaboldi. Delve into the vulnerabilities of XML and its implementations, focusing on XSLT's potential to compromise system integrity, cause code logic failures, and breach user confidentiality. Learn about techniques for affecting arithmetic operations, partially reading system files to disclose sensitive information, and bypassing same-origin policy in web browsers. Witness proof-of-concept attacks demonstrating XSLT's impact on production systems and gain valuable insights into safe development practices to mitigate these risks.
Syllabus
Abusing XSLT For Practical Attacks
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network