[Owasp-testing] Testing Guide V4 - Start up
luca.carettoni at ikkisoft.com
Tue Sep 4 17:34:19 UTC 2012
On Mon, 2012-09-03 at 13:56 +0200, Paolo Perego wrote:
> Actually XML vs JSON debate is a question either client side (ajax
> calls) than server side (APIs and webservices using both the data
> formats) that we must address in the guide.
Speaking of "pure" XML, we should probably extend the XML injection
section with all techniques and details discovered by @Agarri_FR:
advanced XEE attacks (e.g. binary files retrieval), XSLT code exec, etc.
Luca Carettoni <luca.carettoni at ikkisoft.com>
More information about the Owasp-testing