XML external entity attack
Estonian: XML välisolemrünne, XXE-rünne
definition
a type of web application attack that:
- exploits weaknesses in the XML parser's configuration
- places a suitable external entity reference in the XML input data
overviews
https://www.slideshare.net/CysinfoCommunity/xxe-xml-external-entity-attack
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)
https://www.linkedin.com/pulse/xxe-attack-basics-nick-frichette
https://www.sans.org/reading-room/whitepapers/application/hands-on-xml-external-entity-vulnerability-training-module-34397
http://www.cs.tufts.edu/comp/116/archive/fall2015/rhogue.pdf
mitigation
https://www.hacksplaining.com/prevention/xml-external-entities
https://wiki.sei.cmu.edu/confluence/display/java/IDS17-J.+Prevent+XML+External+Entity+Attacks
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet