Web App Hacking: Hacking XML Processing

This course helps you understand different types of vulnerabilities in XML processing. You'll learn how to test web applications for various XML processing flaws and how to provide countermeasures for these problems.
Course info
Rating: (13)
Level: Beginner
Updated: Jan 23, 2018
Duration: 50m
Description

XML processing is widely used in modern web applications. This course, Web App Hacking: Hacking XML Processing, will teach you how to avoid the severe consequences of insecure XML processing. First, you’ll learn how an attacker can read the content of sensitive files from the web server with an XML External Entity (XXE) attack. Next, you’ll discover how an attacker can steal the SecretAccessKey of an application hosted on Amazon Web Services as a result of an XXE attack. Then, you’ll see how an attacker can get a discount in an online store as a result of an XPath injection. After that, you’ll cover how an attacker can steal a user’s password as a result of an XSS attack via XML. Finally, you’ll explore how an attacker can upload an XML-based image (SVG) and steal sensitive data from a user as a result of an XSS attack via SVG. By the end of the course, you'll know how to test web applications for various XML processing flaws and how to provide countermeasures for these problems.

About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.
