| Publisher | SIFT | ||
|---|---|---|---|
| Format | 239.1KB PDF | Date added | 26 Sep 2006 |
| Topics | XML, .NET, Application Development | ||
| Downloads | 42 | ||
The XML port scanning technique described in this paper allows an attacker to utilise an XML parser to execute port scanning of systems behind a restrictive perimeter firewall. While the technique relies on some reasonably specific implementation details in order to be exploitable remotely, it is potentially applicable to any application that accepts XML document inputs. Several workarounds exist and have been detailed in this paper and the technique does not offer the ability to perform advanced fingerprinting or analysis of the underlying operating system of hosts. However, this technique demonstrates the danger that inadequately configured XML parsers can pose to an organisation and highlights the inability of traditional network security devices to handle application-level threats.
Did you find this white paper useful?
27 out of 50 users found this white paper useful
Related white papers
Getting Started with LINQ to XML
LINQ stands for Language Integrated Query. This new technology comes built into the NET Framework 3.5 and can be used with any of the different languages that run under NET....
Opening Access to Office Information With OOXML
As the leading ratings expert in a media market, this company's production consisted of sorting and processing large amounts of data to create Microsoft Power Point presentations of charts and...
Ontology-Based Semantic Metadata Validation
Much of the Semantic Web content is generated from databases, especially the instance data based on the ontology classes used in applications. A recurring problem is that the instance data...
Webinar on Blogging for Business
This webcast will explain what blogging means for your business and how you can "blog for business".
Experiments on Element and Document Statistics for XML Retrieval
This paper presents an information retrieval model on XML documents based on tree matching. Queries and documents are represented by extended trees. An extended tree is built starting from the...
Navigationless Database XML: Hierarchical Data Processing
XML data in standard database processing is not being used fully or correctly in business applications today. Current XML hierarchical database query processing is basically limited to single path linear...
A Generic, Reusable Solution for Marshalling Java Objects To/From XML
Solving the same problems over and over again can be quite tiring for a software engineer, yet the object persistence wheel has been reinvented more times than one would like...
