OWASP Top 10 – XML External Entities (XXE)

A successful XXE attack can lead to:

  • Data extraction (disclosure of local files reachable by the parser)
  • Remote code execution
  • Scanning of internal systems (server-side request forgery)
  • Denial of Service

Your application is vulnerable if it uses SAML for identity processing (SAML assertions are XML), or if your XML processor parses any of the following:

  • Untrusted XML accepted directly from clients
  • Untrusted XML uploads
  • Untrusted data inserted into XML documents

Solutions

  • Sanitize and validate input
  • Upgrade to SOAP 1.2
  • Patch and upgrade the XML processor and its libraries

Disable XML external entity and DTD processing in all XML parsers used by the application.
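The following is an added example (not from the original post) of what that last recommendation looks like in code: a Python parser built on the standard library's expat bindings that refuses any DOCTYPE, entity declaration or external entity reference before the document body is processed. The two sample documents are constructed for the demonstration.

```python
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when untrusted XML contains a DTD or entity declaration."""


def parse_untrusted_xml(data: bytes) -> list:
    """Parse XML from an untrusted source with DTD processing refused.

    Returns a list of (tag, text) pairs in end-of-element order. Refusing any
    DOCTYPE up front removes the XXE surface (external entity fetches and
    internal entity expansion) regardless of the parser's default settings.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements, stack = [], []

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXMLError("DOCTYPE not accepted: %s" % name)

    def reject_entity(name, is_param, value, base, system_id, public_id, notation):
        raise UnsafeXMLError("entity declaration not accepted: %s" % name)

    def reject_external(context, base, system_id, public_id):
        raise UnsafeXMLError("external entity reference not accepted: %s" % system_id)

    def start(tag, attrs):
        stack.append([tag, []])

    def chars(text):
        if stack:
            stack[-1][1].append(text)

    def end(tag):
        tag_name, chunks = stack.pop()
        elements.append((tag_name, "".join(chunks).strip()))

    # Every DTD-related callback aborts the parse; exceptions raised inside
    # expat handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return elements


def is_safe_xml(data: bytes) -> bool:
    """True if the document parses without any DTD constructs or syntax errors."""
    try:
        parse_untrusted_xml(data)
        return True
    except (UnsafeXMLError, xml.parsers.expat.ExpatError):
        return False


# Constructed samples: a plain document, and the same document preceded by an
# inline DTD declaring an external entity (the construct XXE relies on).
BENIGN_XML = b"<order><item>widget</item><qty>3</qty></order>"
DTD_XML = (b'<!DOCTYPE order [<!ENTITY ext SYSTEM "http://example.invalid/x">]>'
           b"<order><item>&ext;</item></order>")
```

The same policy applies to any parser: whatever its API calls the switch, DTD and external entity resolution should be off before untrusted input reaches it.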
