A Hands-on XML External Entity Vulnerability Training Module

Many web applications that accept and respond to XML requests are vulnerable to XML External Entity (XXE) attacks due to default XML parser settings. This vulnerability can be exploited to read arbitrary files from the server, including sensitive files such as the application configuration files....

By

Carrie Roberts

November 4, 2013

All papers are copyrighted. No re-posting of papers is permitted

Related Content

Coolest Careers Poster

SANSがおすすめするサイバーセキュリティの仕事20選: DevSecOps エンジニア

DevSecOps エンジニアの主な業務や、スキルアップのためのSANSのおすすめのコースを紹介します！

Cloud Security, DevSecOps

February 10, 2023

What is DevSecOps

Part one of a four-part blog series about what’s needed to shake, shimmy, and shift left

Stacey Dunn

What's New in SEC540: Cloud Security and DevSecOps Automation

The Cloud Moves Fast. Automate to Keep Up.