Exploiting XML Entity Vulnerabilities in File Parsing Functionality

Thursday, November 19, 2015

11:00 AM - 12:00 PM PST

60 minutes, including Q&A

Exploiting XXE in File Upload Functionality - by Willis Vandevanter

In this webcast we will discuss exploiting XML Entity vulnerabilities in file parsing and upload functionality. We go over popular XML Entity attacks and their application inside XML-supported file formats such as DOCX, XLSX, and PDF. We will walk through the technically relevant points of each format and demo exploitation on a real-world product.


Willis Vandevanter

Willis Vandevanter is a principal at Silent Robot Systems. Prior to SRS, Will was a Senior Researcher at Onapsis and Lead Penetration Tester at Rapid7. He has previously spoken at DEFCON, TROOPERS, OWASP AppSec, and other conferences. In his spare time, he writes code and stumbles through CTFs.

Sponsor Presenter:

Tim Jarrett

Tim Jarrett is Senior Director of Enterprise Security Strategy at Veracode. A Grammy Award-winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.
