Attacking XML Processing
Offered By: Hack in Paris via YouTube
Course Description
Overview
Explore the security implications of XML technologies in this 47-minute conference talk from Hack in Paris. Delve into a year-long research on XML format and processing practices, covering targets from browsers to enterprise-level security solutions and web-service back-ends. Examine key technologies including XML grammar (DTD), homo-iconicity, self-contained dynamic SVG images, design and implementation vulnerabilities in XSLT and XPath engines, in-memory exploitation of Java-based XSLT engines, and XML databases. Learn about systematically released proof-of-concept code for patched vulnerabilities, gaining valuable insights into potential security risks and mitigation strategies in XML processing.
Syllabus
Nicolas Gregoire Attacking XML Processing
Taught by
Hack in Paris
Related Courses
NetflOSINT- Taking an Often-Overlooked Data Source and Operationalizing It - Joe Gray - Hack in ParisHack in Paris via YouTube All Roads Lead to OpenVPN Pwning Industrial Remote Access Clients - Sharon Brizinov - Hack in Paris - 2021
Hack in Paris via YouTube Exploits in Wetware - R. Sell - Hack in Paris - 2019
Hack in Paris via YouTube All Your GPS Trackers Belong to Us - C. Kasmi, P. Barre - Hack in Paris - 2019
Hack in Paris via YouTube In NTDLL I Trust - Process Reimaging and Endpoint Security Solution Bypass - E. Carroll - Hack in Paris - 2019
Hack in Paris via YouTube