Talk type: Talk

XML Vulnerabilities in .NET: Part 2

  • Talk in Russian
Presentation pdf

In our talk at DotNext 2022 Spring, we briefly covered security flaws with XML - XEE and XXE.

This time, let's dive deeper into XXE. How to attack applications with XML? How do we protect ourselves from attacks? And are modern XML parsers really safe?

To answer these questions, we'll have to delve even deeper into the attacks, digging into the .NET and .NET Framework source code and parsing some real-world vulnerabilities, including XXE from .NET 6.

The report will be interesting not only to those working with XML, but also to those interested in security and the inner workings of .NET / .NET Framework.

P.S. For a better understanding of the material, it's worth watching the first part of the story about XML vulnerabilities.