XXE: An Overlooked Threat (Whitepaper)

December 11, 2019

Security is hard to get right, and even in today's security-conscious world, a few serious vulnerabilities such as XML External Entity (XXE) are still being overlooked and end up becoming the cause of a breach. An XXE attack exploits a type of security vulnerability typically found in Web applications, allowing attackers to disclose normally protected files from a connected network or server. The XXE vulnerability has been known for more than a decade; however, automated tools started detecting rudimentary cases of this issue only in the recent past. If this vulnerability is exploited, the damage could be very severe, ranging from information disclosure to denial of service or even remote code execution if everything falls into place.

