Talk type: Talk
XML Vulnerabilities in .NET: Part 2
In our talk at DotNext 2022 Spring, we briefly covered security flaws with XML - XEE and XXE.
This time, let's dive deeper into XXE. How to attack applications with XML? How do we protect ourselves from attacks? And are modern XML parsers really safe?
To answer these questions, we'll have to delve even deeper into the attacks, digging into the .NET and .NET Framework source code and parsing some real-world vulnerabilities, including XXE from .NET 6.
The report will be interesting not only to those working with XML, but also to those interested in security and the inner workings of .NET / .NET Framework.
P.S. For a better understanding of the material, it's worth watching the first part of the story about XML vulnerabilities.
Speakers
Other talks on «Best practices»
- Watch recording
Talk type: Talk
Hall 3Not EF Core Alone: The Alternative ORM LINQ to DB and Its Features
Aleksei Fadeev
Company: sibedge
- Watch recording
Talk type: Talk
Hall 2Decode Review: How Code Review Helps To Improve Processes
Oleg Safonov
Company: Tinkoff
- Watch recording
- Watch recording
Talk type: Conversation
Hall 3Telemetry for the Most Serious
Philipp Bocharov
Company: MTS
Roman Shcherbakov
Company: Tinkoff
Anton Chernousov
Company: Yandex Cloud
Gregory Koshelev
Company: Kontur
- Watch recording
Talk type: Talk
Hall 2Metrics in .NET Using OpenTelemetry and Prometheus As Examples
Aleksandr Pugach
Company: Kaspersky Lab
- Watch recording
- Watch recording
Talk type: Talk
Hall 1LINQ Expressions: Art of Querying Data
Denis Tsvetsikh
Company: DevBrothers, Tinkoff
- Watch recording
Talk type: Talk
Hall 2Feature Toggling: What’s the Benefit and How To Start Using It
Anton Stepanov
Company: Byndyusoft
- Watch recording
Talk type: Talk
Hall 2Memory Saving Techniques in .NET
Kirill Bazhaikin
Company: Digitalization of engineering
- Watch recording
Talk type: Talk
Hall 2Reactive Assembly of a Huge Project
Stanislav Sidristij
Company: Speech Technology Center
- Watch recording
