ARTICLE
TITLE

Vulnerability Testing in Web Applications External Entities XML

Aleksandr ?. Osincev    
Olga R. Laponina    

Abstract

The paper considers the concept of external entities in the XML language and presents the most popular scenarios for executing attacks on web applications using external XML entities. A brief comparative review of dynamic testing tools for XXE vulnerabilities is given. The paper describes the deployment of a test stand for checking web applications for XXE vulnerabilities and the testing scenarios carried out on it, both manually and with the OWASP ZAP scanner. It also describes improvements to the OWASP ZAP software that were implemented in the course of the work. XXE testing was performed on two applications: OWASP Mutillidae and XXELab. A module was implemented that configures ZAP through the REST API, runs the scanner to actively scan for XXE vulnerabilities, and retrieves a report on the results. Vulnerability search automation is implemented using the REST API and Qt.
