Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities

Peter Mosmans

59:59

  • 0. Course Overview.mp4
    01:49
  • 0. Course Introduction.mp4
    04:29
  • 1. Demo- Performing an XML External Entities Injection Attack.mp4
    02:52
  • 2. The Impact of XML External Entity Attacks.mp4
    01:33
  • 3. OWASP Top 10 2017 and XML External Entities.mp4
    01:27
  • 4. Module Summary.mp4
    00:48
  • 0. Module Introduction.mp4
    01:12
  • 1. XML Basics.mp4
    05:19
  • 2. XXE Injection and Expansion.mp4
    03:38
  • 3. Demo- XML Validation and Expansion.mp4
    03:44
  • 4. Expansion, SOAP, and More.mp4
    02:00
  • 5. Module Summary.mp4
    00:52
  • 0. Module Introduction.mp4
    01:02
  • 1. At Risk Scenarios.mp4
    02:34
  • 2. Test for XXE Vulnerabilities.mp4
    02:04
  • 3. Module Summary.mp4
    00:48
  • 0. Module Introduction.mp4
    01:24
  • 1. Applying a General Mitigation Strategy.mp4
    03:45
  • 2. Applying XML External Entities (XXE) Mitigations in Java.mp4
    02:16
  • 3. Demo- Mitigating XML External Entity Vulnerabilities in Java.mp4
    05:44
  • 4. Applying XML External Entities (XXE) Mitigations in .NET.mp4
    02:41
  • 5. Applying XXE Mitigations in PHP and Other Languages.mp4
    03:25
  • 6. Demo- Revisit First PHP Demo.mp4
    01:47
  • 7. Module and Course Summary.mp4
    02:46
  • Description


    This course will teach you what XML External Entity vulnerabilities are, how they are exploited, how you can identify the vulnerabilities in your code, and how you can protect your code against exploitation.

    What You'll Learn?


      The OWASP Top 10 2017 contains a new entry: XML External Entities (XXE). As not many people know what this vulnerability is, it can be difficult to protect against. In this course, Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities, you will learn what this vulnerability is, how it ended up in the latest OWASP Top 10, how you can identify it in your code, and how to protect against it. First, you will discover the impact of a successful XML External Entity attack. Next, you will explore how to identify risky parts in your code base. Finally, you will learn how to mitigate these vulnerabilities. By the end of this course, you will be familiar with the risk that XML External Entities pose.

    Peter Mosmans
    Peter started out in the nineties as a software engineer working on internet banking applications for various European financial institutions. After developing, he moved to the role of defending and designing systems and networks for high-availability websites. Since 2004 he has specialized in breaking: pentesting complex and feature-rich web applications. Currently he leads a global team of highly skilled penetration testers as lead pentester. He is a contributor to several open-source penetration testing tools, and he maintains an extra-featured OpenSSL fork. He likes to speak at international security conferences and meetings, such as OWASP, BSides, OSDC and NullCon, which mixes really well with being a permanent road warrior. Home is 127.0.0.1.
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 24
    • Duration: 59:59
    • Level: average
    • English subtitles: yes
    • Release date: 2023/10/15
