XXE for Dummies

In 2017 OWASP added XML External Entity (XXE) Processing to its list of Top Ten Vulnerabilities. Do you know what XXE is, how it can be exploited, and how to defend against XXE attacks? Most of the standard examples use open source stacks. Have you seen XXE in .NET? This crystal-clear explanation and demo will give you all the facts. Brian Myers, @brimy, (PhD, CISSP) has been working in security for five years and in software development long enough for his resume to include Borland and Netscape. He’s written books and articles on Windows programming. In his current job as Director of Information Security at WebMD Health Services Brian guides multiple teams building a SaaS web application housing HIPAA-regulated data. He also serves on the CS/IS Industry Advisory Board at Western Oregon University.