09/29/2008

XML bombs, killing multimillion projects with a few lines of code

All because of an oversight: a check that nobody thought to automate.

Didier Stevens wrote about it and got my attention.

More resources

* 2002: http://news.cnet.com/2010-1071-961117.html

* Microsoft webservices practices

* eHealth networks and SOA dangers (also XML bombs)

* XML parser attacks

* XML security: Preventing XML bombs. With the use of Web services, XML security becomes increasingly important. Web services expert Rami Jaamour explains the damage an XML bomb can do and how ...

* Hardening Web Services (PDF): the “XML bomb” causes a denial of service.

* Protecting Web services and Web applications against security threats (Microsoft PowerPoint): Query XML documents for certain nodes. External Entity Attacks. Misuse pointed to XML data using URI. XML Bombs.

And you now have XML firewalls, XML application testers, XML IDS and all the rest, which you should use: if you can spend millions of euros on a project, you should be able to spend thousands of euros on its security.
