How to Break XML Encryption - Automatically
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the vulnerabilities in XML Encryption and learn how to automatically detect and exploit them in this 43-minute Black Hat conference talk. Gain insights into adaptive chosen-ciphertext attacks that allow decryption of symmetric and asymmetric XML ciphertexts without knowing secret keys. Discover the challenges in implementing the updated W3C XML Encryption standard and the complexities in evaluating security configuration correctness. Follow the development of an algorithm for vulnerability scanning of encrypted XML messages and its implementation as an open-source attack plugin for the WS-Attacker tool. Examine real-world vulnerabilities found in major Web Service implementations, including IBM Datapower and Apache CXF. Delve into topics such as hybrid encryption, symmetric encryption, plaintext validation, and secure cryptography to enhance your understanding of XML Encryption security.
Syllabus
Intro
About me
Presentation
The Problem
Hybrid Encryption
Symmetric Encryption
Plain Text Validation
Flipping ASCII
What could go wrong
How to analyze this automatically
Secure Cryptography
Conclusion
Questions
Taught by
Black Hat
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network