Expert: Fabio Viggiani | Price: Free | Language: English | Level: Advanced - 300

How to prevent XML External Entity (XXE) hacker attacks

Get for Free

A live recorded session from Öredev 2015 with Fabio Viggiani, a top security consultant at TrueSec.

What’s up with XXE (XML External Entity)?

XML External Entity (XXE) attacks are not new, but we find them more and more often nowadays during penetration tests. What's up with that? Lack of awareness among developers is the most likely reason. XXE attacks are fun.

In this demo-based session we will see what attackers can do with it, from ex-filtrating files to targeting internal servers.

At the end of this video, you should have a pretty good overview of the risks involved with XML parsing, and you'll be able to prevent XXE attacks.

Let's stop this XXE thing before it becomes the new SQL injection!

Learn more about hacking and security for developers

To try new things on your own is often the key to knowledge that sticks. Fabio runs a few highly appreciated hands-on labs at LabCenter each year. Check out all security trainings here!

Fabio Viggiani

Penetration Testing Expert

Fabio is the Technical Lead of Penetration testing at the security power house TrueSec. He has broad experience from penetration tests of banks, agencies and all sorts of enterprise customers around the globe.

His main focus is conducting and leading advanced penetration tests simulating APT's (Advanced Persistent Threats).

Fabio has a unique capability when it comes to getting an overview of an entire target environment and identify its vulnerabilities down to every detail.

Follow him on Twitter @fabio_viggiani for the latest updates.

Blog: www.labcenternews.se/fabio-viggiani

All programs