Expert: Fabio Viggiani | Price: Free | Language: English

How to prevent XML External Entity (XXE) hacker attacks

A live recorded session from Öredev 2015 with Fabio Viggiani, a top security consultant at TrueSec.

What’s up with XXE (XML External Entity)?

XML External Entity (XXE) attacks are not new, but we find them more and more often nowadays during penetration tests. What's up with that? Lack of awareness among developers is the most likely reason. XXE attacks are fun. 

In this demo-based session, we will see what attackers can do with XXE, from exfiltrating files to targeting internal servers.

At the end of this video, you should have a pretty good overview of the risks involved with XML parsing, and you'll be able to prevent XXE attacks.

Let's stop this XXE thing before it becomes the new SQL injection!

Learn more about hacking and security for developers

To try new things on your own is often the key to knowledge that sticks. Fabio runs a few highly appreciated hands-on labs at LabCenter each year. Check out all security trainings here!

Tags: Öredev | Fabio Viggiani | Hacking | XXE | XML | Security | TrueSec | cyber threat | Cyberattacks | Cyber Security


Fabio Viggiani

Penetration Testing Expert

Fabio is the Technical Lead of Penetration Testing at the security powerhouse TrueSec. He has broad experience from penetration tests of banks, agencies and all sorts of enterprise customers around the globe.

His main focus is conducting and leading advanced penetration tests simulating APTs (Advanced Persistent Threats).

Fabio has a unique capability when it comes to getting an overview of an entire target environment and identifying its vulnerabilities down to every detail.

Follow him on Twitter @fabio_viggiani for the latest updates.

