[Owasp-leaders] Needed: OWASP Article on XML External Entity (XXE) Attacks
Dave Wichers
dave.wichers at owasp.org
Fri Mar 2 14:28:04 UTC 2012
All,
I noticed that Sascha Herzog uploaded a presentation about this topic to
OWASP.
It is at: https://www.owasp.org/images/5/5d/XML_Exteral_Entity_Attack.pdf
And there is also a minor reference to this issue in the OWASP testing guide
page on XML Injection.
However, we don't have an article specifically on this topic at OWASP.
Would some people be interested/willing to contribute to writing such an
article?
I think this is a very important and extremely common risk that most people
are NOT aware of. I want to put some sunshine on this issue and as a first
step I want to have a great article about this topic that I can point people
to, and then maybe in the future a separate article on how to avoid it.
Actually, I think this particular issue is simple enough that we can explain
the issue AND how to fix it in the same article, but I could be wrong.
Any takers? I'd recommend it be at:
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Attack, with a
shortcut from: https://www.owasp.org/index.php/XXE.
Thanks, Dave
p.s. I've done this several times before, but I usually just reach out to an
individual to write the article. For example I asked:
- Amit Klein - the discoverer of DOM-based XSS to write OWASP's
  DOM-based XSS Article.
- Gustav Rydstedt - A coauthor of the Stanford Clickjacking paper to
  write OWASP's article on Clickjacking.
And they did. :-)
So hopefully Sascha, and/or others will step up. Thanks again.