XML External Entities

Preventing OWASP A4 XML External Entities (XXE) in a better way

XML External Entities (XXE) is a dangerous vulnerability, currently ranked fourth (A4) in the OWASP Top Ten. Resolving this vulnerability should be a high priority for all Java developers. In this presentation, given by Anat Mazar (https://www.linkedin.com/in/anat-mazar/) and Michael Furman (https://www.linkedin.com/in/furmanmichael/) at the OWASP meetup, we will demonstrate why XXE is so dangerous; show you how this vulnerability is typically resolved, in each and every place in the code where you parse an XML file; and show you the better resolution: set a couple of Java system properties once, and never worry about XXE again.