...
Code Block:

```java
XMLInputFactory factory = XMLInputFactory.newInstance();
factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
```
http://web-in-security.blogspot.in/2016/03/xxe-cheat-sheet.html
http://web-in-security.blogspot.de/2016/03/xml-parser-evaluation.html
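As an added example (not the page's own code), the StAX setting above wrapped in a runnable class: it also disables `IS_SUPPORTING_EXTERNAL_ENTITIES` as a second layer, then parses a constructed document carrying an internal DTD to confirm that the declared entity is never expanded (the exact rejection behaviour depends on the StAX implementation, so both the exception path and the unexpanded-text path are handled).

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class StaxXxeHardening {

    // Hardened factory: no DTD processing at all, and no external entity
    // resolution even if an implementation still honours parts of a DTD.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        return factory;
    }

    // Returns the text of the first <item> element, or null if there is none.
    static String firstItem(XMLInputFactory factory, String xml) throws XMLStreamException {
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        try {
            while (reader.hasNext()) {
                if (reader.next() == XMLStreamConstants.START_ELEMENT
                        && "item".equals(reader.getLocalName())) {
                    return reader.getElementText();
                }
            }
            return null;
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample inputs; the second declares an internal entity in a DTD.
        String plain = "<root><item>hello</item></root>";
        String withDtd = "<!DOCTYPE root [<!ENTITY greet \"hi\">]><root><item>&greet;</item></root>";

        XMLInputFactory factory = hardenedFactory();
        System.out.println("plain document -> " + firstItem(factory, plain));
        try {
            String text = firstItem(factory, withDtd);
            // If the entity was expanded, DTD processing is still active: misconfigured.
            System.out.println("hi".equals(text)
                    ? "entity expanded: DTD processing still enabled"
                    : "DTD ignored, entity not expanded -> " + text);
        } catch (XMLStreamException e) {
            System.out.println("document with DTD rejected: " + e.getMessage());
        }
    }
}
```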
...
Learn More
- OWASP XSS Prevention Cheat Sheet
- OWASP Cross-Site Scripting Article
- ESAPI Project Home Page
- ESAPI Encoder API
- ASVS: Output Encoding/Escaping Requirements (V6)
- ASVS: Input Validation Requirements (V5)
- Testing Guide: 1st 3 Chapters on Data Validation Testing
- OWASP Code Review Guide: Chapter on XSS Review
- CWE Entry 79 on Cross-Site Scripting
- Rsnake's XSS Attack Cheat Sheet
- XXE Cheat Sheet
- XML Parser Evaluation
- RSPEC proposal about Java and XXE