Name: XXE: Why It’s Still in the Top 10 - Sam Shute
Start: 2021-07-12T17:30:00+12:00
End: 2021-07-12T19:30:00+12:00
Location: Quantum Security Services

XXE is commonly passed over in normal teaching and educational conference talks, but remains one of the top vulnerabilities for web servers that utilize XML parsers. Recently, we have still been finding applications vulnerable to XML Entity attacks, which this talk will cover in an easy to understand way.

Note: this was originally planned for June, but was delayed due to Wellington's COVID level change.

Description

XML External Entities (XXEs) have been in the OWASP Top Ten since 2017, however they have existed as a vulnerability class for approximately two decades. Entities within XML can be used to do lots of fun things as an attacker, such as causing a Denial-of-Service, stealing files, or even creating a backdoor.

This talk will cover the basics of what XXEs are, how to exploit them, and importantly for developers, how to prevent them.

Speaker Biography

Sam Shute is a Principal Security Consultant with Quantum Security in Wellington. His day-to-day work revolves mostly around running Quantum’s technical consulting team, but occasionally he gets out of the office to compromise applications and networks all around New Zealand.

Sam’s other areas of interest include network penetration testing, 3D printing, and lock picking.

Other Notes

The talk kicks off at 6pm, but we'll have some snacks before-hand. Arrive any time from 5:30pm onwards!

We will communicate any postponements if, for example, Wellington goes back to COVID Level 2. If you are unwell please RSVP "no" and do not attend. We'll look forward to seeing you when you're well.

Nick Malcolm

Kirk Jackson

OWASP New Zealand Chapter - Wellington

OWASP® Foundation 

Technology

Software Development

White Hat Hacking

Web Technology

Web Security

Web Development

OWASP

Information Security

Application Security

Software Security

Computer Security

Ethical Hacking

Penetration Testing

Web Application Security

XXE: Why It’s Still in the Top 10 - Sam Shute

Quantum Security Services

Share

OWASP New Zealand Chapter - Wellington

XXE: Why It’s Still in the Top 10 - Sam Shute

OWASP New Zealand Chapter - Wellington

Details

Members are also interested in