Lightning Talk - Assessing and Exploiting XML Schemas Vulnerabilities

Presented at AppSec USA 2016, Oct. 13, 2016, 9:30 a.m. (10 minutes)

Specifications for XML and XML schemas have been designed with multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers and a fun environment for hackers.

Even though XML schemas are used to define the security of XML documents, they are also used to perform a variety of attacks: file retrieval, server-side request forgery, port scanning, and/or brute forcing.

This talk will analyze how new attack vectors can be inferred from the current vulnerabilities and how they can affect common libraries and software. Recommendations will be shared for safely deploying applications that rely on XML.


Presenters:

  • Fernando Arnaboldi - Senior Security Consultant - IOActive
    Fernando Arnaboldi is a senior security consultant at IOActive specializing in code reviews and penetration tests.
