Exploiting XML Entity Vulnerabilities in File Parsing Functionality



Thursday, November 19, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A




Exploiting XXE in File Upload Functionality - by Willis Vandevanter

In this webcast we will discuss exploiting XML Entity vulnerabilities in file parsing and upload functionality. We go over popular XML Entity attacks and their application inside XML-supported file formats such as DOCX, XLSX, and PDF. We will walk through the technically relevant points of each format and demo exploitation on a real-world product.

Presenter:

Willis Vandevanter

Willis Vandevanter is a principal at Silent Robot Systems. Prior to SRS, Will was a Senior Researcher at Onapsis and Lead Penetration Tester at Rapid7. He has previously spoken at DEFCON, TROOPERS, OWASP AppSec, and other conferences. In his spare time, he writes code and stumbles through CTFs.


Sponsor Presenter:

Tim Jarrett

Tim Jarrett is Senior Director of Enterprise Security Strategy at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.
