This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, October 13 • 9:30am - 9:40am
Lightning Talk - Assessing and Exploiting XML Schemas Vulnerabilities

Sign up or log in to save this to your schedule and see who's attending!

Specifications for XML and XML schemas have been designed with multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers and a fun environment for hackers.

Even though XML schemas are used to define the security of XML documents, they are also used to perform a variety of attacks: file retrieval, server side request forgery, port scanning, and/or brute forcing.

This talk will analyze how new attack vectors can be inferred by analyzing the current vulnerabilities and how it is possible to affect common libraries and software. Recommendations will be shared to safely deploy applications relying in XML.

avatar for Fernando Arnaboldi

Fernando Arnaboldi

Senior Security Consultant, IOActive
Fernando Arnaboldi is a senior security consultant at IOActive specialized in code reviews and penetration tests.

Thursday October 13, 2016 9:30am - 9:40am
Room C

Attendees (34)