OWASP Top 10: A4 – XML External Entities

Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course youll begin with an XML overview including document type definitions and how XML differs from HTML. Next you’ll learn what XML external entity attacks are. Moving on youll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next youll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly youll learn how to mitigate XXE attacks.