Exploiting XML Entity Vulnerabilities in File Parsing Functionality

Thursday, November 19, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A

Exploiting XXE in File Upload Functionality - by Willis Vandevanter

In this webcast we will discuss exploiting XML Entity vulnerabilities in file parsing/upload functionality. We go over popular XML Entity attacks and their application inside XML-supported file formats such as DOCX, XLSX, and PDF. We will walk through the technically relevant points of each format and demo exploitation on a real-world product.


Willis Vandevanter

Willis Vandevanter is a principal at Silent Robot Systems. Prior to SRS, Will was a Senior Researcher at Onapsis and Lead Penetration Tester at Rapid7. He has previously spoken at DEFCON, TROOPERS, OWASP AppSec, and other conferences. In his spare time, he writes code and stumbles through CTFs.

Sponsor Presenter:

Tim Jarrett

Tim Jarrett is Senior Director of Enterprise Security Strategy at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.
