AppSec USA 2016 has ended
Back To Schedule
Thursday, October 13 • 9:30am - 9:40am
Lightning Talk - Assessing and Exploiting XML Schemas Vulnerabilities

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Specifications for XML and XML schemas have been designed with multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers and a fun environment for hackers.

Even though XML schemas are used to define the security of XML documents, they are also used to perform a variety of attacks: file retrieval, server side request forgery, port scanning, and/or brute forcing.

This talk will analyze how new attack vectors can be inferred by analyzing the current vulnerabilities and how it is possible to affect common libraries and software. Recommendations will be shared to safely deploy applications relying in XML.

avatar for Fernando Arnaboldi

Fernando Arnaboldi

Security Consultant
Fernando Arnaboldi is a developer and a security consultant who specializes in penetration testing and code reviews on multiple platforms. He has focused his research on breaking the security of different programming languages and has presented his findings in security conferences... Read More →

Thursday October 13, 2016 9:30am - 9:40am EDT
Room C