This course covers the security implications of XML format and its processing practices, targeting browsers, enterprise-level security solutions, and web-service back-ends. Key technologies such as XML grammar, dynamic SVG images, XSLT, XPath engines, Java-based XSLT engines, and XML databases are addressed. The course includes the release of PoC code for patched vulnerabilities. The intended audience for this course is individuals interested in XML security and cybersecurity.
Overview
Syllabus
Nicolas Gregoire Attacking XML Processing
Taught by
Hack in Paris