A Practical Guide to XXE Attack

Introduction to XML

XML (Extensible Markup Language) is used to create user-defined tags, unlike HTML, which consists of pre-defined tags. It is designed to describe data and to focus on what the data is. In the example below, XML is used to define email information using tags such as <to>, <from>, <heading> and <body>:

<?xml version='1.0' encoding='UTF-8'?> <note> <to>John</to>…

JAVA Secure Coding

Secure Coding Checklist – JAVA EE

This blog highlights different insecure coding practices seen in JAVA EE applications. It covers most of the OWASP Top 10 vulnerabilities, giving their root causes and mitigation techniques.

1. Authentication

Insecure Coding Practices | Secure Coding Practices
Concatenated SQL queries for login validation. In most cases it is seen that user credentials, as retrieved from…