WebApp Sec mailing list archives
Re: Great XML Security Primer
From: Javier Fernández-Sanguino Peña <jfernandez () germinus com>
Date: Mon, 09 Dec 2002 15:48:49 +0100
Mark Curphey wrote:
These references might be also useful (I was reviewing some stuff on XML security this weekend):If anyones interested in a good primer on XML Security, this is a great article. http://www.webmasterbase.com/article/933
XML security standards: http://www.w3.org/TR/REC-xml http://www.w3.org/TR/xmldsig-core/ http://www.ietf.org/rfc/rfc3275.txt http://www.oasis-open.org/committees/security/ ( The OASIS technical comittee for XML) XML security articles: http://www-106.ibm.com/developerworks/security/library/s-xmlsec.html?dwzone=security http://www-106.ibm.com/developerworks/security/library/x-encrypt2/index.html?dwzone=security http://www-106.ibm.com/developerworks/security/library/s-east.html?dwzone=security http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html (A student's page on XML security) http://home.earthlink.net/~fjhirsch/xml/xmlsec/starting-xml-security.html (An overview of XML security) Known XML-related vulnerbilities: - XXE (Xml eXternal Entity) attack: http://online.securityfocus.com/archive/1/297714 - Winamp XML parser buffer overflow: http://online.securityfocus.com/archive/1/293569 - Trillian XML parser buffer overflow: http://online.securityfocus.com/archive/1/290019 - SOAP::Lite access package reverse traversal: http://www.phrack.com/show.php?p=58&a=9 Regards Javi
Current thread:
- Great XML Security Primer Mark Curphey (Dec 01)
- Re: Great XML Security Primer Javier Fernández-Sanguino Peña (Dec 09)