XML processing is widely used in modern web applications. This course, Web App Hacking: Hacking XML Processing, will teach you how to avoid the severe consequences of insecure XML processing. First, you'll learn how the attacker can read the content of sensitive files from the web server with an XML External Entity attack (XXE). Next, you'll discover how the attacker can steal the SecretAccessKey of the application hosted on Amazon Web Services as a result of an XXE attack. Then, you'll see how the attacker can get a discount in an online store as a result of an XPath injection. After that, you'll cover how the attacker can steal a user's password as a result of an XSS attack via XML. Finally, you'll explore how the attacker can upload an XML-based image (SVG) and steal some sensitive data from a user as a result of an XSS attack via SVG. By the end of the course, you'll know how to test web applications for various XML processing flaws and how to provide countermeasures for these problems.
XSS via XML
XSS via SVG
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.