A live recorded session from Öredev 2015 with Fabio Viggiani, a top security consultant at TrueSec.
What’s up with XXE (XML External Entity)?
XML External Entity (XXE) attacks are not new, but we find them more and more often nowadays during penetration tests. What's up with that? Lack of awareness among developers is the most likely reason. XXE attacks are fun.
In this demo-based session we will see what attackers can do with XXE, from exfiltrating files to targeting internal servers.
At the end of this video, you should have a pretty good overview of the risks involved with XML parsing, and you'll be able to prevent XXE attacks.
Let's stop this XXE thing before it becomes the new SQL injection!
Learn more about hacking and security for developers
Trying new things on your own is often the key to knowledge that sticks. Fabio runs a few highly appreciated hands-on labs at LabCenter each year.