XML Vulnerabilities Flashcards

1
Q

What is XML?

A

Extensive Markup Language

Note: It’s a set of codes or tags that defines rules for text in a digital document. It’s readable by both humans and machines. It was designed to store and transport data.

2
Q

What is XML used for?

A

It’s used by web apps for authentication, authorization, and for exchanging and uploading data.

3
Q

How do you protect XML data?

A

XML data needs to be protected with encryption and/or input validation.

4
Q

What attacks is XML vulnerable to?

A

Spoofing
Request forgery
Code injection

5
Q

What is an XML Bomb?

A

Known as the Billion Laughs Attack.

XML encodes entities that expand to exponential sizes, consuming memory and potentially crashing the host.

Essentially this is a denial of service attack.

6
Q

What is an XML External Entity? (XXE)

A

An attack that embeds a request for a local resource.

Note: This is how file inclusion attacks occur.

Note: This can be prevented with input validation.

7
Q

Exam Note: If there is something with XML written in it, and it is clearly XML, it will be an XML vulnerability.

It may be called XML vulnerability, XML exploitation, XML injection.

A

HTML uses Keywords: Font, Image, Atrib

XML uses Keywords: Question, ID, Type, Entity
