An overlooked threat and how it can be remediated


XML External Entity (XXE) is a vulnerability that occurs when an application's XML parser processes user-supplied input and responds with the requested information without performing any validation.

In other words, XML input that contains a reference to an external entity is parsed by an improperly configured XML parser. By using malformed vectors, an attacker could access sensitive information that is otherwise inaccessible.

The white paper covers

  • What is an XML entity?

  • How does XXE get exploited?

  • Where is XXE commonly found?

  • How to remediate XXE?
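One way to close the gap described above, shown as an added example that is not taken from the white paper: refuse any untrusted document that carries a DOCTYPE or entity declaration before handing it to the application's parser. The names `parse_untrusted`, `UnsafeXML` and `is_accepted` are hypothetical, the sample documents are constructed, and the check assumes the application has no legitimate need for DTDs.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """Raised when a document is malformed or declares a DTD or entity."""


def _reject(kind):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise UnsafeXML(f"{kind} not allowed in untrusted XML")
    return handler


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML only after a probe pass finds no DTD or entity use."""
    probe = expat.ParserCreate()
    probe.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    probe.EntityDeclHandler = _reject("entity declaration")
    probe.ExternalEntityRefHandler = _reject("external entity reference")
    try:
        probe.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    # Nothing entity-related was declared, so the real parse is safe to run.
    return ET.fromstring(data)


def is_accepted(data: bytes) -> bool:
    try:
        parse_untrusted(data)
        return True
    except UnsafeXML:
        return False


# Constructed sample inputs (not from the white paper).
BENIGN = b"<order><item>widget</item></order>"
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [ <!ENTITY ext SYSTEM "file:///constructed/placeholder"> ]>\n'
    b"<order><item>&ext;</item></order>"
)
INTERNAL_ENTITY = b'<!DOCTYPE order [ <!ENTITY a "x"> ]><order><item>&a;</item></order>'

if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                      ("internal", INTERNAL_ENTITY)]:
        print(name, "accepted" if is_accepted(doc) else "rejected")
```

Rejecting the DOCTYPE outright also stops internal entity expansion, so the same check covers both samples without relying on any one parser's default settings.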

