Web Application Security Testing - XML External Entity Injection

In this video, Ben Pick discusses the #1 issue on the OWASP Top 10 Most Critical Web Application Security Risks: Injection, with a focus on XML External Entity (XXE) Injection. The video highlights the vulnerable code segments or requests that help detect XXEs, as well as prevention strategies. A demonstration shows how to identify XXE vulnerabilities and the results of exploiting one.

During the video, Ben mentions the capture-the-flag challenge at London's 2017 BSides conference, which included an XXE vulnerability, and the bug bounty write-up of an XXE vulnerability in Google's production servers. Links for additional information may be found below:
www.myhackerhouse.com/bsideslondon2017/
blog.detectify.com/2014/04/11/how-we-got-read-acce…

For those who missed the previous video on SQL injection, the link below will help you catch up:
   • Understanding Application Security 101: SQ...  
