Sample code to demonstrate the Top 10-2017 A4-XML External Entities (XXE) vulnerability class

pierre-ernst/OWASP-A4

OWASP Top 10 - A4

Sample code to demonstrate the Top 10-2017 A4-XML External Entities (XXE) vulnerability class.

The org.owasp.ottawa.topten2017_A4.impl package contains several XML parser implementations, and each implementation contains a mitigate() method that configures the parser to prevent XXE attacks.

Unit tests are implemented to make sure XXE attacks are prevented for each parser implementation.

Link to presentation.

Usage:

$ mvn test

Running org.owasp.ottawa.topten2017_A4.test.ExternalEntityBypassTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.615 sec
Running org.owasp.ottawa.topten2017_A4.test.ParameterTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 sec
Running org.owasp.ottawa.topten2017_A4.test.ParserTest
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.417 sec
Running org.owasp.ottawa.topten2017_A4.test.SecureProcessingBypassTest
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 5.975 sec

Tests run: 7, Failures: 0, Errors: 0, Skipped: 0
