From the course: Ethical Hacking with JavaScript
XML external entities - JavaScript Tutorial
XML external entities
- [Instructor] XML External Entities have been promoted to a top 10 issue on OWASP and for a good reason. This attack occurs when an XML document is malformed and could be exploited for DoS attacks. This is what a malformed XML document looks like. And to detect malformed XML documents you have, most editors will be able to detect them. But if it doesn't, or one was added to your application or website, then you have a problem. In this scenario, the attacker exploited the XML malformed document that takes a bit more time to process due to its structure, and then leveraged this bad XML document to render the resource processing unit useless, therefore denying its users of the resource, which is a denial of service or DoS attack. If in your application you are using XML documents, make sure you're using proper syntax as you could be subjecting your users to not only slower performance, but also opening up an opportunity for a hacker to attack your systems with a DoS attack.
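
An added example, not part of the course material: a pre-parse screen in Node.js that refuses untrusted XML carrying a DTD or entity declarations and caps size and nesting depth, so that costly documents are rejected before they reach a parser. The limits, the function names (`screenXml`, `nestingDepth`) and the sample documents are assumptions made for illustration.

```javascript
// Added example: pre-parse screen for untrusted XML (Node.js).
// MAX_BYTES and MAX_DEPTH are assumed limits; tune them to your documents.
const MAX_BYTES = 64 * 1024;
const MAX_DEPTH = 32;
// Spans whose contents are not element markup: comments, CDATA, processing instructions.
const OPAQUE = [['<!--', '-->'], ['<![CDATA[', ']]>'], ['<?', '?>']];

// Deepest element nesting, or -1 if some markup is never terminated.
// One left-to-right indexOf scan, so the cost is linear in the input length.
function nestingDepth(xml) {
  let depth = 0, deepest = 0, i = 0;
  while ((i = xml.indexOf('<', i)) !== -1) {
    const span = OPAQUE.find(([open]) => xml.startsWith(open, i));
    const close = span ? span[1] : '>';
    const end = xml.indexOf(close, i + (span ? span[0].length : 1));
    if (end === -1) return -1;
    if (!span && xml[i + 1] === '/') depth = Math.max(0, depth - 1); // closing tag
    else if (!span && xml[i + 1] !== '!' && xml[end - 1] !== '/') {
      deepest = Math.max(deepest, ++depth);                          // opening tag
    }
    i = end + close.length;
  }
  return deepest;
}

// Returns { ok, reasons }. Input is assumed to be an already-decoded string.
function screenXml(xml) {
  if (Buffer.byteLength(xml, 'utf8') > MAX_BYTES) return { ok: false, reasons: ['too-large'] };
  const reasons = [];
  // Entities are declared in a DTD, so any document carrying one is refused.
  // Matching anywhere in the text, even inside a comment, fails closed.
  if (/<!DOCTYPE/i.test(xml)) reasons.push('doctype');
  if (/<!ENTITY/i.test(xml)) reasons.push('entity-declaration');
  const depth = nestingDepth(xml);
  if (depth === -1) reasons.push('unterminated-markup');
  else if (depth > MAX_DEPTH) reasons.push('too-deep');
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample inputs.
const plain = '<order id="7"><item sku="a1"/><note>ship fast</note></order>';
const withDtd = '<!DOCTYPE note [ <!ENTITY who "team"> ]><note>&who;</note>';
const nested = '<n>'.repeat(40) + '</n>'.repeat(40);
for (const doc of [plain, withDtd, nested]) console.log(screenXml(doc));
```

A screen like this runs in front of the XML parser and does not replace the parser's own settings for DTD and external entity handling.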