XML External Entities Attacks - Advanced Exploitation Techniques
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the hidden dangers of XML External Entities (XXE) attacks in this informative conference talk by Timothy Morgan. Delve into the pervasive use of eXtensible Markup Language (XML) in software projects and uncover the security vulnerabilities inherent in its design, particularly in inline schemas and document type definitions (DTDs). Discover a collection of exploitation techniques for XXE vulnerabilities, including novel approaches for file content theft, arbitrary data transmission to internal TCP services, and unauthorized file uploads. Learn about potential denial of service attacks and gain valuable insights into the overall risks associated with XXE attacks. Acquire recommendations for developers and XML library implementors to enhance security and prevent these attacks, ultimately raising awareness about this critical cybersecurity issue.
Syllabus
What You Didn't Know About XML External Entities Attacks - Timothy Morgan
Taught by
OWASP Foundation
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network