AKIT
    English Eesti

    XML external entity attack

    XML välisolemrünne, XXE-rünne

    olemus
    liik veebirakenduse ründeid:
    - kasutab ära XML parseri konfiguratsiooni nõrkusi
    - paigutab sobiva välisolemiviite XML-lähteandmetesse

    ülevaateid
    https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

    https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)

    https://www.linkedin.com/pulse/xxe-attack-basics-nick-frichette

    https://www.sans.org/reading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397

    http://www.cs.tufts.edu/comp/116/archive/fall2015/rhogue.pdf

    tõrje
    https://www.hacksplaining.com/prevention/xml-external-entities

    https://wiki.sei.cmu.edu/confluence/display/java/IDS17-J.+Prevent+XML+External+Entity+Attacks

    https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet