XML Parser Evaluation

XML Parser Evaluation For some time now, we've been researching in excruciating detail the prevalence of DTD attacks on different XML pa...

DTD Cheat Sheet

When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...

EsPReSSO - A good morning starts with coffee! In this posts I describe the tool, I wrote for my Bachelor thesis at the Chair for Network and...

Not so Smart: On Smart TV Apps

One of the main characteristics of Smart TVs are apps. Apps extend the Smart TV behavior with various functionalities, ranging from usage of...

Introduction to WS-Attacker: XML Signature Wrapping (XSW) on Web services

This post introduces WS-Attacker. We start with how to build it from source. After that we setup an example Axis2 Web service and finally ...