XML Attack Surface
Tuesday, January 22, 2013 from 6:00 PM to 8:00 PM (EST)
Come join us for a talk on XML processing security vulnerabilities and how to avoid them!
Security vulnerabilities with XML processing can be a real threat to applications, especially when malicious XML can be submitted remotely. Fortunately, these issues can be easily avoided by properly configuring XML parsers.
Several attack types will be presented with a live demo covering the following: denial of service, arbitrary file content disclosure, and remote OS command injection. Vulnerabilities caused by misconfiguration of XML parsing, XML transforms and XPath queries will be investigated, and suggestions on how to prevent these types of attacks will be provided from a developer's perspective.
The Java programming language will be used, but the concepts presented can easily be adapted to other languages and frameworks.
Pierre Ernst is a senior member of the IBM Business Analytics Security Competency Group at the Ottawa Lab in Canada. A former software developer turned penetration tester, he's responsible for finding security vulnerabilities in IBM applications before they are released. Using a combination of manual testing and secure code review, his work complements automated vulnerability scanners. Pierre is also responsible for giving guidance to developers on how to mitigate and fix security issues.