OWASP Top 10: A4 - XML External Entities
OWASP
| Intermediate
- 7 videos | 31m 48s
- Includes Assessment
- Earns a Badge
Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you'll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.
WHAT YOU WILL LEARN
-
Discover the key concepts covered in this course
Identify how extensible markup language (xml) is used to describe data
List various ways that xml attacks can be executed
Scan a web application for xml vulnerabilities -
Execute an xml external entity attack
Describe how to mitigate xxe attacks
Summarize the key concepts covered in this course
IN THIS COURSE
-
1m 31s
-
6m 20s
-
3. XML External Entity Attacks4m 57s
-
4. Scanning For XXE Vulnerabilities4m 43s
-
5. Executing an XXE Attack7m 16s
-
6. Mitigating XXE Attacks6m 15s
-
7. Course Summary46s
EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE
Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.
Digital badges are yours to keep, forever.
