Logo Logo
  • Home
  • Modshield SB
  • services
    • Application Security Testing
    • IoT Security Testing
    • Infrastructure Security Testing
    • Testing for Compliance
    • Red Team Exercise
    • Performance Testing
  • Training
    • Cybersecurity Awareness Program
    • Cybersecurity For Developers(Web Application)
    • Cybersecurity For Developers(Mobile Application)
  • Resources
    • Blog
    • CyberNews
  • About
    • Partners
    • Contact

XML External Entities

  • Home
  • Blog Details
September 4 2021
  • Blog

XML External Entity injection is the type of threat that allows an attacker to access an application’s XML data processing files. It takes place on poorly configured XML processors that allow external entity references within XML documents. It may cause subjugation of important assets using the URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks. It is ranked fourth in OWASP‘s top 10 vulnerabilities.

XML External Entity injection is the type of threat that allows an attacker to access an application's XML data processing files

The reason for XML attacks are

  • Whenever an application accepts XML uploads from untrusted resources or from unreliable data sources, which is then processed by XML processors.
  • The Document Type Definition (DTD) contains a special type of file called entity. This is a valid functionality and it is responsible for allowing external entities. This can be turned off at any time.
  • SOAP versions before 1.2 are likely to be vulnerable to XXE attacks since the  entities are passed on to the SOAP framework.
  • If the application is vulnerable to XXE attacks then the application is also bound to denial of service attacks like the billion laughter attack.
  • SAML is generally used to identify processing within Single Sign On (SSO) purposes. Since SAML uses XML it may be vulnerable to XML attacks.

Prevention of XML external entity attacks

  • Usage of less complex data such as JSON and non-serialization of sensitive data will reduce the level of vulnerability.
  • Upgradation of all XML libraries and XML-based processors.
  • Upgrading to SOAP levels 1,2 or higher might prevent these types of attacks.
  • Implement server-side filtering to prevent malicious data within XML documents, headers, or nodes.
  • Consider disabling all Document Type Definition (DTD) in all XML parsers.
  • Ensure the incoming XML file is validated and it is from a trusted source.
  • Even though manual code review is the optimum one, use SAST tools to detect XXE in source code to avoid possible errors.
  • If these methods do not work consider using a Web Application Firewall to block XXE threats.

Web Application Firewall: XXE injection attacks can be prevented with the help of a web application firewall (WAF). A WAF serves as a filter between the server and the web traffic. 

A WAF works based on a set of rulesets, the most common type of ruleset used across any WAF is OWASP Top 10 ModSecurity rulesets. StrongBox IT’s Modshield SB works on the core ModSecurity rulesets, which can avert SQL injections during the time of the attack.

Get a 14-day free trial.

Previous Post Next Post

Leave a Comment

Recent Posts

  • SOC 2 Compliance – Complete Guide
  • What is compliance and why do you need it?
  • OWASP WAF – Web Application Firewall
  • Top Cyber News April Week 3
  • Top Cyber News April Week 2

Recent Comments

  1. Vishnu on IEC 62443 – Cybersecurity for Industrial Automation and Control Systems

Archives

  • July 2022
  • June 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • June 2020

Categories

  • Blog
  • CyberNews
© Copyright 2020. Anada WordPres Theme By WordPressRiver