OWASP Top 10: A4 – XML External Entities

Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you'll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.