Exploiting XML Entity Vulnerabilities in File Parsing Functionality
Thursday, November 19, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A
Exploiting XXE in File Upload Functionality - by Willis Vandevanter
In this webcast we will discuss exploiting XML Entity vulnerabilities in file parsing and upload functionality. We go over popular XML Entity attacks and their application inside XML-supported file formats such as DOCX, XLSX, and PDF. We will walk through the technically relevant points of each format and demo exploitation on a real-world product.
Willis Vandevanter is a principal at Silent Robot Systems. Prior to SRS, Will was a Senior Researcher at Onapsis and Lead Penetration Tester at Rapid7. He has previously spoken at DEFCON, TROOPERS, OWASP AppSec, and other conferences. In his spare time, he writes code and stumbles through CTFs.
Tim Jarrett is Senior Director of Enterprise Security Strategy at Veracode. A Grammy Award-winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.