Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities
|
This course will teach you what XML External Entity vulnerabilities are, how they are exploited, how you can identify the vulnerabilities in your code, and how you can protect your code against exploitation.
The OWASP Top 10 2017 contains a new entry; XML External Entities (XXE). As not many people know what this vulnerability is, it can be difficult to prevent against. In this course, Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities, you will learn what this vulnerability is, how it ended up in the latest OWASP Top 10, how you can identify it in your code, and how to protect against it. First, you will discover the impact of a successful XML External Entity attack. Next, you will explore how to identify risky parts in your code base. Finally, you will learn how to mitigate against vulnerabilities. By the end of this course, you will be familiar with the risk that XML External Entities pose.
Author Name: Peter Mosmans
Author Description:
Peter started out in the nineties as software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he started specializing in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penet… more
Table of Contents
- Course Overview
1min - Understanding the Dangers of XML External Entities (XXE)
11mins - Understanding XML External Entities (XXE) Injection and Expansion
16mins - Identifying Vulnerable Parts Within Existing Code
6mins - Mitigating XML External Entity (XXE) Vulnerabilities
23mins
User Reviews
Be the first to review “Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities”
Related Products
Collection with PowerSploit
In this course, we'll explore the language of logic and deductive reasoning. Completing this course will grant you the knowledge needed to make better decisions.
Securing Data Analytics Pipelines on AWS
As you start preparing for your AWS certified Data Analytics Specialty exam, you need to pay close attention to the security aspect of this certification. This course will teach you how to set up access control and encryption to your data analytics pipelines.
Securing Angular Apps with OpenID Connect and OAuth 2
OpenID Connect and OAuth 2 allow your apps to use modern security protocols and to participate in a Single Sign-on (SSO) experience across multiple apps. This course will show you how to authenticate users and authorize access in your Angular apps.
Getting Started with Keycloak
Adding SSO-friendly authentication and authorization to your applications using Keycloak doesn't have to be hard. Learn how to do a better job securing your apps by controlling access without spending weeks figuring it all out.
Implementing Host Security in Microsoft Azure
This course identifies the resources, tools, and methods needed to secure hosts in Azure as well as hosts connecting to Azure.
Using Microsoft Azure Security Tools to Protect AI Solutions
As more and more systems are automated with the use of AI, securing AI solutions is of paramount importance. In this course, you will explore the various facilities Azure offers to secure Azure machine service learning solutions.
There are no reviews yet.