XML External Entities Attacks - Advanced Exploitation Techniques
Earn a Michigan Engineering AI Certificate — Stay Ahead of the AI Revolution
The Investment Banker Certification
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the hidden dangers of XML External Entities (XXE) attacks in this informative conference talk by Timothy Morgan. Delve into the pervasive use of eXtensible Markup Language (XML) in software projects and uncover the security vulnerabilities inherent in its design, particularly in inline schemas and document type definitions (DTDs). Discover a collection of exploitation techniques for XXE vulnerabilities, including novel approaches for file content theft, arbitrary data transmission to internal TCP services, and unauthorized file uploads. Learn about potential denial of service attacks and gain valuable insights into the overall risks associated with XXE attacks. Acquire recommendations for developers and XML library implementors to enhance security and prevent these attacks, ultimately raising awareness about this critical cybersecurity issue.
Syllabus
What You Didn't Know About XML External Entities Attacks - Timothy Morgan
Taught by
OWASP Foundation