OWASP Top 10: A4 - XML External Entities

OWASP 2021    |    Intermediate
  • 7 Videos | 31m 48s
  • Includes Assessment
  • Earns a Badge
Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you’ll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.

WHAT YOU WILL LEARN

  • discover the key concepts covered in this course
    identify how Extensible Markup Language (XML) is used to describe data
    list various ways that XML attacks can be executed
    scan a web application for XML vulnerabilities
  • execute an XML external entity attack
    describe how to mitigate XXE attacks
    summarize the key concepts covered in this course

IN THIS COURSE

  • Playable
    1. 
    Course Overview
    1m 31s
    UP NEXT
  • Playable
    2. 
    Extensible Markup Language
    6m 20s
  • Locked
    3. 
    XML External Entity Attacks
    4m 57s
  • Locked
    4. 
    Scanning For XXE Vulnerabilities
    4m 43s
  • Locked
    5. 
    Executing an XXE Attack
    7m 16s
  • Locked
    6. 
    Mitigating XXE Attacks
    6m 15s
  • Locked
    7. 
    Course Summary
    46s

EARN A DIGITAL BADGE WHEN YOU COMPLETE THIS COURSE

Skillsoft is providing you the opportunity to earn a digital badge upon successful completion of this course, which can be shared on any social network or business platform

Digital badges are yours to keep, forever.

YOU MIGHT ALSO LIKE