XXE: When Features Become Vulnerabilities (Acunetix)

Closed captioning will be available in English and Japanese for all keynotes and RSAC track sessions.
Please note: All times are in SGT.

XML is widely used in web applications. External entities are a feature in XML that allow inclusion of other documents. While external entities are pretty much a legacy feature, your XML parser probably supports them. This session will explore the possibilities of how XML External Entity Injection (XXE) could be used against a web application to steal data and affect confidentiality.