|
PRESENTATION:
|
Assessing and Exploiting XML Schemas Vulnerabilities
|
|
PRESENTER(S):
|
Fernando Arnaboldi, Senior Security Consultant for IOActive
|
|
CONFERENCE:
|
OWASP AppSec USA 2016
|
|
LOCATION:
|
Renaissance Washington, Washington, DC, USA
|
|
DATE & TIME:
|
October 13, 2016 at 9:30AM ET
|
Specifications for XML and XML schemas have been designed with multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers and a fun environment for hackers.
Even though XML schemas are used to define the security of XML documents, they are also used to perform a variety of attacks: file retrieval, server side request forgery, port scanning, and/or brute forcing.
This talk, given by Fernando Arnaboldi, will explore how new attack vectors can be inferred by analyzing the current vulnerabilities and how it is possible to affect common libraries and software. Recommendations will be shared to safely deploy applications relying in XML.
About Fernando Arnaboldi
Fernando Arnaboldi is a Senior Security Consultant for IOActive, where he specializes in performing penetration attacks and source code reviews on multiple platforms. He has over ten years of experience in the security research space (Deloitte, Core Security Technologies, and IOActive), and he holds a Bachelor’s degree in Computer Science. His latest research has also been selected as part of Dark Reading’s ‘Top 10 Web Hacking Techniques for 2015.’
About AppSecUSA 2016
OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. AppSec USA is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices. Attendees will be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle challenges in innovative ways.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###