
Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities

This course will teach you what XML External Entity vulnerabilities are, how they are exploited, how you can identify the vulnerabilities in your code, and how you can protect your code against exploitation.
Course info
Rating: (10)
Level: Intermediate
Updated: Dec 18, 2018
Duration: 1h 0m
Description

The OWASP Top 10 2017 contains a new entry: XML External Entities (XXE). Because not many people know what this vulnerability is, it can be difficult to prevent. In this course, Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities, you will learn what this vulnerability is, how it ended up in the latest OWASP Top 10, how you can identify it in your code, and how to protect against it. First, you will discover the impact of a successful XML External Entity attack. Next, you will explore how to identify risky parts in your code base. Finally, you will learn how to mitigate vulnerabilities. By the end of this course, you will be familiar with the risk that XML External Entities pose.

About the author

Peter started out in the nineties as a software engineer working on internet banking applications for various European financial institutions. Since 2004, he has specialized in pentesting complex and feature-rich web applications. Currently, he leads a global team of highly skilled and enthusiastic penetration testers as lead pentester.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Peter Mosmans, and I'd like to welcome you to my course on Secure Coding: Identifying and Mitigating XML External Entity Vulnerabilities. I am a former software developer and now a lead penetration tester working for multiple companies around the globe. A new entry in the latest iteration of the OWASP Top 10 was XML external entities, and many people were surprised to find it there in the Top 10, but what is it exactly? Are you vulnerable? How can you protect yourself? In this course we are going to dive deeper into XML and the risk that external entities pose. We will show you how you can identify whether your code is vulnerable or not. Some of the major topics that we will cover include what the impact is of a successful XML external entity attack, how to identify risky parts in your code base, and how to mitigate against vulnerabilities in several popular development languages. By the end of this course you will be familiar with the risk that XML External Entities pose. You will know several general mitigation strategies and be armed with enough knowledge in order to never introduce such vulnerabilities in your code again. Before beginning the course you should be curious. Knowledge of software development is a plus, but not strictly necessary. The course itself is for anyone wanting to learn more about XML External Entities. I hope you'll join me on this journey to learn all about external entity vulnerabilities with the Secure Coding: Identifying and Preventing XML External Entity Vulnerabilities course here at Pluralsight.