Known XML Vulnerabilities Are Still a Threat to Popular Parsers & Open Source Systems
Sadeeq Jan, Cu D. Nguyen, Lionel Briand
Interdisciplinary Centre for Security, Reliability and Trust (SnT), University of Luxembourg
QRS 2015
The 2015 IEEE International Conference on Software Quality, Reliability & Security
Vancouver, Canada, August 3-5, 2015
Motivation
• Widespread use of XML
• De-facto standard for data exchange
• > 500 XML vulnerabilities reported in the National Vulnerability Database (NVD)

[Chart: NVD Statistics (07/2015), number of vulnerabilities per category: XML DoS (BIL), XXE, XML parser, XML injection]
Background – XML Vulnerabilities
• XML Bomb/Billion Laughs (BIL)
• XML External Entity Exploitation (XXE)
XML Bomb/Billion Laughs (BIL)
• DoS attack on an XML parser using well-formed XML
• Exponential entity expansion

<?xml version="1.0"?>
<!DOCTYPE xmlBOMB [
<!ENTITY a "Random Text">
<!ENTITY b "&a; &a; &a; &a; &a;">
<!ENTITY c "&b; &b; &b; &b; &b;">
<!ENTITY d "&c; &c; &c; &c; &c;">
]>
<xmlBOMB>&d;</xmlBOMB>

• Impact
– Higher memory & CPU consumption
– DoS on the parsing system
XML External Entity (XXE) Vulnerabilities
• Attack on a weakly configured parser via XML input containing a reference to an external entity

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE myFile [
<!ELEMENT myFile ANY>
<!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>
<myFile>&xxe;</myFile>

• Impact
– Disclosure of confidential information
– DoS on the parsing system
– Unauthorized access to system/data
Research Problem and Goals
• Research problem
– Insecure use and configuration of XML parsers
– Lack of adequate security testing of popular XML parsers and open source systems for XML-related vulnerabilities
• Goals
– Security assessment of popular XML parsers and open source systems
– Raising awareness among software developers regarding these vulnerabilities
Contribution of This Work
• A large-scale, systematic and rigorous experimental evaluation of BIL/XXE attacks in popular XML parsers and in open source systems using those parsers
• Unbiased and extensive evidence of the lack of mitigation for these vulnerabilities
• To raise awareness among software developers
Research Questions
RQ1: To which extent are BIL and XXE attacks successful in modern XML parsers?
RQ2: Do software systems which use one of the vulnerable parsers apply mitigation techniques for BIL and XXE attacks?
Research Methodology
[Diagram: an input generator for BIL and XXE attacks produces malicious BIL & XXE files and legit XML files; these are fed to the XML parsers & systems under test, and an observer records memory consumption, CPU time and response content.]
Experiment Setup – Subject Selection
• XML parsers (RQ1): candidates written in Java, Python, PHP, C# and Perl, filtered by popularity (popularity = no. of adoptions, > 0.5 million in GitHub/Google Code) → 13 XML parsers
• Open source systems (RQ2): those using a vulnerable parser (Java DOM) → 749 Java classes (628 GitHub projects) and 8 applications
Experiment Setup – Inputs, Subjects and Oracle
• Test inputs: 10 XML bombs of size M x N for the BIL category; 3 XML files for the XXE category
• Subjects: parsers and open source systems
• Oracle/indicators: memory consumption, CPU time, response content

Parsers:
S.No  Parser Name
1     JDOM2
2     NanoXML
3     NanoXML-LITE
4     Std-DOM
5     Std-SAX
6     Std-STAX
7     WOODSTOX
8     XERCES-JDOM
9     LXML-ETREE
10    Std-ETREE
11    PERL(XML:LibXML)
12    PHPDOM
13    MSXML

Applications using an XML parser:
S.No  Application
1     Websphere-portal-plugiin
2     File-Archiver-Main
3     AppDF
4     source2XMI
5     Jbm-to-hornetq
6     Fastcatsearch
7     Bimoku-Crawler
8     blog
plus 749 Java classes using the Std-DOM parser (from GitHub projects)
Results
Parsers: 13 tested, 8 vulnerable to BIL, 7 vulnerable to XXE. More than half of the tested parsers are vulnerable to BIL and XXE.
Open source systems: 735 out of 749 (98.13%) Java classes from 628 GitHub projects that use the Java DOM parser are vulnerable. All tested applications (8/8) are vulnerable.
Parser's behavior to BIL attack
Input (no. of entities M = 5, no. of references per entity N = 5):
<?xml version="1.0"?>
<!DOCTYPE xmlBOMB [
<!ENTITY lol "lol">
<!ENTITY lol1 "&lol; &lol; &lol; &lol; &lol;">
<!ENTITY lol2 "&lol1; &lol1; &lol1; &lol1; &lol1;">
<!ENTITY lol3 "&lol2; &lol2; &lol2; &lol2; &lol2;">
<!ENTITY lol4 "&lol3; &lol3; &lol3; &lol3; &lol3;">
<!ENTITY lol5 "&lol4; &lol4; &lol4; &lol4; &lol4;">
]>
<lolz>&lol5;</lolz>
[Screenshots: response of a non-vulnerable parser; response of a vulnerable parser]
Parser's behavior to XXE attack
Input:
<?xml version="1.0"?>
<!DOCTYPE myFile [
<!ELEMENT myFile ANY>
<!ENTITY xxe SYSTEM "C:DatafileContents.txt">]>
<foo>&xxe;</foo>
[Screenshots: response of a non-vulnerable parser; response of a vulnerable parser]
Test Oracles
For the BIL category:
XML file  | Physical size on disk | Memory consumption | CPU time | Response content                    | Result
Legit     | < 10KB                | < 1MB              | < 1 sec  | Normal                              | Non-vulnerable
Malicious | < 1KB                 | > 100 MB           | > 10 min | Continued expanding entities        | Vulnerable
Malicious | < 1KB                 | < 100 MB           | < 10 min | Detected & stopped entity expansion | Non-vulnerable

For the XXE category:
XML file  | Physical size on disk | Response content                                     | Result
Legit     | < 1KB                 | No external contents                                 | Non-vulnerable
Malicious | < 1KB                 | Acquired external contents referred to by the entity | Vulnerable
Malicious | < 1KB                 | Blocked access to external contents                  | Non-vulnerable
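As an added example (not code from the paper or its tooling), the following Python script applies the test inputs and oracle above statically: it constructs M x N bombs in the shape of the slides' input, walks the entity declarations to estimate how far the document would expand without ever expanding it, and flags SYSTEM/PUBLIC entities for the XXE category. The size thresholds are assumptions that mirror the oracle table, and the sample documents are constructed for the demonstration.

```python
"""Static BIL/XXE pre-check mirroring the slides' inputs and oracle (added example)."""
import re

MAX_EXPANSION_CHARS = 100 * 1024 * 1024  # slides' "> 100 MB" indicator; 1 MB = 1024*1024 assumed
MAX_AMPLIFICATION = 100.0                # assumed cap on expanded size / on-disk size

# <!ENTITY name "value">  (internal)   <!ENTITY name SYSTEM "uri">  (external)
_ENTITY_DECL = re.compile(
    r'<!ENTITY\s+(?P<name>[\w.-]+)\s+(?:(?P<kind>SYSTEM|PUBLIC)\s+)?'
    r'(?P<value>"[^"]*"|\'[^\']*\')', re.S)
_ENTITY_REF = re.compile(r'&([\w.-]+);')


def make_bomb(m: int, n: int, base: str = "lol") -> str:
    """Construct a BIL file of size M x N shaped like the slides' input:
    lol1 references lol N times, lol2 references lol1 N times, ... up to lolM."""
    decls = [f'<!ENTITY lol "{base}">']
    for level in range(1, m + 1):
        prev = "lol" if level == 1 else f"lol{level - 1}"
        refs = " ".join(f"&{prev};" for _ in range(n))
        decls.append(f'<!ENTITY lol{level} "{refs}">')
    dtd = "\n".join(decls)
    return f'<?xml version="1.0"?>\n<!DOCTYPE lolz [\n{dtd}\n]>\n<lolz>&lol{m};</lolz>\n'


def split_doctype(doc: str):
    """Return (doctype declaration, remaining document)."""
    start = doc.find("<!DOCTYPE")
    if start < 0:
        return "", doc
    end = doc.find("]>", start)
    end = end + 2 if end >= 0 else doc.find(">", start) + 1
    return doc[start:end], doc[end:]


def entity_expansions(dtd: str):
    """Walk the internal subset: expanded length of every internal entity, plus the
    external (SYSTEM/PUBLIC) ones, which the slides' XXE oracle is about."""
    internal, external = {}, []
    for decl in _ENTITY_DECL.finditer(dtd):
        value = decl.group("value")[1:-1]
        if decl.group("kind"):
            external.append((decl.group("name"), value))
        else:
            internal[decl.group("name")] = value
    sizes = {}

    def expanded(name, stack=()):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError(f"recursive entity reference: {name}")  # not well-formed XML
        body = internal.get(name)
        if body is None:
            return 0  # predefined (&amp; ...), undeclared or external: no local expansion
        total = len(_ENTITY_REF.sub("", body))  # literal characters of the value
        for ref in _ENTITY_REF.findall(body):
            total += expanded(ref, stack + (name,))
        sizes[name] = total
        return total

    for name in internal:
        expanded(name)
    return sizes, external


def assess(doc: str) -> dict:
    """Apply the slides' indicators without expanding anything: a BIL file is tiny on
    disk but grows past 100 MB; an XXE file declares an entity pointing outside it."""
    dtd, body = split_doctype(doc)
    sizes, external = entity_expansions(dtd)
    on_disk = len(doc.encode("utf-8"))
    growth = sum(sizes.get(ref, 0) for ref in _ENTITY_REF.findall(body))
    amplification = growth / on_disk if on_disk else 0.0
    return {
        "on_disk_bytes": on_disk,
        "entity_expansion_chars": growth,
        "amplification": round(amplification, 1),
        "external_entities": external,
        "bil_suspect": growth > MAX_EXPANSION_CHARS or amplification > MAX_AMPLIFICATION,
        "xxe_suspect": bool(external),
    }


# Constructed samples: the slides' XXE input and a legit file without a DOCTYPE.
XXE_SAMPLE = ('<?xml version="1.0" encoding="ISO-8859-1"?>\n<!DOCTYPE myFile [\n'
              '<!ELEMENT myFile ANY>\n<!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>\n'
              '<myFile>&xxe;</myFile>\n')
LEGIT_SAMPLE = '<?xml version="1.0"?>\n<note><to>ops</to><body>plain data</body></note>\n'

if __name__ == "__main__":
    for label, sample in [("legit", LEGIT_SAMPLE), ("xxe", XXE_SAMPLE),
                          ("bil 5x5", make_bomb(5, 5)), ("bil 10x10", make_bomb(10, 10))]:
        print(label, assess(sample))
```

For the 5 x 5 input shown on the slide the estimate is 12,499 characters, while the 10 x 10 bomb used in the study expands to roughly 4 x 10^10 characters from a file of a few hundred bytes.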
Memory Consumption Analysis
[Plot: memory consumption when parsing BIL XML files of different sizes (M x N); M is the number of entities, N is the number of references per entity]
CPU Time Analysis
[Plot: CPU time when parsing BIL XML files of different sizes (M x N); M is the number of entities, N is the number of references per entity]
Results – Details (parsers)
Parser Name       | BIL Vulnerable? | XXE Vulnerable?
JDOM2             | Yes             | Yes
NanoXML           | Yes             | Yes
NanoXML-LITE      | No              | No
Std-DOM           | Yes             | Yes
Std-SAX           | Yes             | Yes
Std-STAX          | No              | No
WOODSTOX          | No              | No
XERCES-JDOM       | Yes             | Yes
LXML-ETREE        | No              | No
Std-ETREE         | Yes             | No
PERL(XML:LibXML)  | Yes             | Yes
PHPDOM            | No              | No
MSXML             | Yes             | Yes
Total             | 8               | 7
Results – Details (applications using a vulnerable parser)
Application               | BIL Vulnerable? | XXE Vulnerable?
Websphere-portal-plugiin  | Yes             | Yes
File-Archiver-Main        | Yes             | Yes
AppDF                     | Yes             | Yes
source2XMI                | Yes             | Yes
Jbm-to-hornetq            | Yes             | Yes
Bimoku-Crawler            | Yes             | Yes
blog                      | Yes             | Yes
Fastcatsearch             | Yes             | Yes

Sample of 100 open source projects from the 1000 selected in our study: all of these projects use the vulnerable parser (Std-DOM) without disabling the features leading to XML BIL/XXE attacks.
Research Questions – Answers
RQ1: To which extent are BIL and XXE attacks successful in modern XML parsers?
BIL and XXE vulnerabilities are present in modern XML parsers. Among the selected ones, more than half are vulnerable.
RQ2: Do software systems which use one of the vulnerable parsers apply mitigation techniques for BIL and XXE attacks?
Systems that adopt a BIL- or XXE-vulnerable XML parser do not apply any proper security measure and are hence vulnerable.
Recommendations
• Software developers
– Be aware of security issues in parsers
– Correctly set parsers' configuration and disable unused features, e.g. block/limit external entities
• Parser developers
– Secure default configurations, better documentation
– Adequate security testing
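The "disable unused features" recommendation, as an added example on Python's standard-library expat parser (not the paper's code): the parser refuses any DOCTYPE, which is the only place entities can be declared, so neither BIL expansion nor XXE resolution can begin, and it additionally refuses to fetch external entities as defence in depth. The sample documents are constructed for this demonstration.

```python
"""Hardened XML parsing with the stdlib expat parser (added example)."""
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """The document asked for a parser feature this configuration disallows."""


def parse_hardened(doc: str) -> dict:
    """Parse with DTD processing refused; returns the root tag and its character data.

    Entities, internal or external, can only be declared inside a DTD, so refusing
    the DOCTYPE up front stops both BIL expansion and XXE resolution at the source."""
    parser = xml.parsers.expat.ParserCreate()
    found = {"root": None, "text": []}

    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} refused: DTD processing is disabled")

    def refuse_external_entity(context, base, system_id, public_id):
        # Defence in depth: never fetch external content, even if a DTD were allowed.
        raise UnsafeXMLError(f"external entity {system_id!r} refused")

    def start_element(name, attrs):
        if found["root"] is None:
            found["root"] = name

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.ExternalEntityRefHandler = refuse_external_entity
    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = found["text"].append
    parser.Parse(doc, True)  # an exception raised in a handler propagates out of Parse()
    return {"root": found["root"], "text": "".join(found["text"])}


def is_rejected(doc: str) -> bool:
    """True when the hardened configuration refuses the document."""
    try:
        parse_hardened(doc)
    except UnsafeXMLError:
        return True
    return False


# Constructed samples: the slides' 5 x 5 bomb, the slides' XXE file and a legit file.
BIL_SAMPLE = ('<?xml version="1.0"?>\n<!DOCTYPE xmlBOMB [\n<!ENTITY lol "lol">\n'
              '<!ENTITY lol1 "&lol; &lol; &lol; &lol; &lol;">\n'
              '<!ENTITY lol2 "&lol1; &lol1; &lol1; &lol1; &lol1;">\n'
              '<!ENTITY lol3 "&lol2; &lol2; &lol2; &lol2; &lol2;">\n'
              '<!ENTITY lol4 "&lol3; &lol3; &lol3; &lol3; &lol3;">\n'
              '<!ENTITY lol5 "&lol4; &lol4; &lol4; &lol4; &lol4;">\n]>\n<lolz>&lol5;</lolz>\n')
XXE_SAMPLE = ('<?xml version="1.0" encoding="ISO-8859-1"?>\n<!DOCTYPE myFile [\n'
              '<!ELEMENT myFile ANY>\n<!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>\n'
              '<myFile>&xxe;</myFile>\n')
LEGIT_SAMPLE = '<?xml version="1.0"?><note><to>ops</to></note>'

if __name__ == "__main__":
    print("legit:", parse_hardened(LEGIT_SAMPLE))
    for label, sample in [("BIL", BIL_SAMPLE), ("XXE", XXE_SAMPLE)]:
        try:
            parse_hardened(sample)
        except UnsafeXMLError as exc:
            print(label, "rejected:", exc)
```

For the Java DOM parser (Std-DOM in the study) the equivalent switch is `DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`; the trade-off is that documents legitimately carrying a DTD must be handled separately.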
Summary

Efficient Online Testing for DNN-Enabled Systems using Surrogate-Assisted and...
 
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...Guidelines for Assessing the Accuracy of Log Message Template Identification ...
Guidelines for Assessing the Accuracy of Log Message Template Identification ...
 
A Theoretical Framework for Understanding the Relationship between Log Parsin...
A Theoretical Framework for Understanding the Relationship between Log Parsin...A Theoretical Framework for Understanding the Relationship between Log Parsin...
A Theoretical Framework for Understanding the Relationship between Log Parsin...
 

Dernier

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 

Dernier (20)

Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Source Systems

  • 1. .lusoftware verification & validation VVS Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Source Systems Sadeeq Jan, Cu D. Nguyen, Lionel Briand Interdisciplinary Centre for Security, Reliability and Trust (SnT) University of Luxembourg QRS 2015 The 2015 IEEE International Conference on Software Quality, Reliability & Security Vancouver, Canada, August 3-5, 2015
  • 2. Motivation • Widespread use of XML • De-facto standard for data exchange • > 500 XML Vulnerabilities reported in National Vulnerability Database (NVD) 2 [Chart: NVD Statistics (07/2015), no. of vulnerabilities by category: XML DoS (BIL), XXE, XML Parser, XML injection]
  • 3. Background–XML Vulnerabilities XML Bomb/Billion Laughs (BIL) XML External Entity Exploitation (XXE) 3
  • 4. XML Bomb/Billion Laughs (BIL) • DoS attack on XML parser using well-formed XML • Exponential entity expansion <?xml version="1.0"?> <!DOCTYPE xmlBOMB [ <!ENTITY a "Random Text"> <!ENTITY b "&a; &a; &a; &a; &a;"> <!ENTITY c "&b; &b; &b; &b; &b;"> <!ENTITY d "&c; &c; &c; &c; &c;"> ]> <xmlBOMB>&d;</xmlBOMB> • Impact – Higher memory & CPU consumption – DoS on parsing system 4
  • 5. XML External Entity (XXE) Vulnerabilities • Attack on a weakly configured parser via XML input containing a reference to an external entity <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE myFile [ <!ELEMENT myFile ANY> <!ENTITY xxe SYSTEM "file:///etc/passwd" > ]> <myFile>&xxe;</myFile> •  Impact – Disclosure of confidential Information – DoS on parsing system – Unauthorized access to system/data 5
  • 6. Research Problem and Goals •  Research problem •  Insecure use and configuration of XML parsers •  Lack of adequate security testing of popular XML parsers and open source systems for XML related vulnerabilities •  Goals •  Security assessment of popular XML parsers and open source systems •  Raising awareness among software developers regarding these vulnerabilities 6
  • 7. Contribution of This Work • A large-scale, systematic and rigorous experimental evaluation of BIL/XXE attacks in popular XML parsers and open source systems using those parsers • Unbiased and extensive evidence of the lack of mitigation for these vulnerabilities, to raise awareness among software developers 7
  • 8. Research Questions RQ1: To which extent are BIL and XXE attacks successful in modern XML parsers? RQ2: Do software systems, which use one of the vulnerable parsers, apply mitigation techniques for BIL and XXE attacks? 8
  • 9. Research Methodology 9 [Diagram] Input Generator for BIL and XXE attacks → Malicious BIL & XXE Files and Legit XML Files → XML Parsers & Systems → Observer, recording: • Memory consumption • CPU time • Response content
  • 10. Experiment Setup-Subject Selection 10 [Diagram] Subject Selection: XML Parsers (Java, Python, PHP, C#, Perl) → Popular? Popularity = no. of adoptions (> 0.5 million in GitHub/Google Code) → 13 XML parsers (RQ1). Open Source Systems → those using a vulnerable parser (Java DOM) → 749 Java classes (628 GitHub projects) and 8 applications (RQ2)
  • 11. Experiment Setup—Inputs, Subjects and Oracle 11
    Test Inputs: • 10 XML bombs of size M x N for the BIL category • 3 XML files for the XXE category
    Oracle/Indicators: • Memory consumption • CPU time • Response content
    Subjects, parsers (S.No, Parser Name): 1 JDOM2; 2 NanoXML; 3 NanoXML-LITE; 4 Std-DOM; 5 Std-SAX; 6 Std-STAX; 7 WOODSTOX; 8 XERCES-JDOM; 9 LXML-ETREE; 10 Std-ETREE; 11 PERL(XML:LibXML); 12 PHPDOM; 13 MSXML
    Subjects, open source systems using an XML parser (S.No, Application): 1 Websphere-portal-plugiin; 2 File-Archiver-Main; 3 AppDF; 4 source2XMI; 5 Jbm-to-hornetq; 6 Fastcatsearch; 7 Bimoku-Crawler; 8 blog; plus 749 Java classes using the Std-DOM parser (from GitHub projects)
  • 12. Results 12 Parsers: total #parsers 13; #vulnerable to BIL 8; #vulnerable to XXE 7. More than half of the tested parsers are vulnerable to BIL and XXE. Open Source Systems: all tested applications (8/8) are vulnerable; 735 out of 749 (98.13%) Java classes from 628 GitHub projects that use the Java DOM parser are vulnerable.
  • 13. Parser's behavior to BIL attack 13 Input (No. of entities (M) = 5, No. of references per entity (N) = 5): <?xml version="1.0"?> <!DOCTYPE xmlBOMB [ <!ENTITY lol "lol"> <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;"> <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;"> <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;"> <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;"> <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;"> ]> <lolz>&lol5;</lolz> [Screenshots: response of a non-vulnerable parser; response of a vulnerable parser]
  • 14. Parser's behavior to XXE attack 14 Input: <?xml version="1.0"?> <!DOCTYPE myFile [ <!ELEMENT myFile ANY> <!ENTITY xxe SYSTEM "C:DatafileContents.txt">]> <foo>&xxe;</foo> [Screenshots: response of a non-vulnerable parser; response of a vulnerable parser]
  • 15. Test Oracles 15
    For BIL category (XML File | Physical size on disk | Test Oracle: Memory Consumption | CPU Time | Response Content | Result):
    Legit | < 10KB | < 1MB | < 1 sec | Normal | Non-vulnerable
    Malicious | < 1KB | > 100 MB | > 10 min | Continued expanding entities | Vulnerable
    Malicious | < 1KB | < 100 MB | < 10 min | Detected & stopped entity expansion | Non-vulnerable
    For XXE category (XML File | Physical size on disk | Test Oracle: Response Content | Result):
    Legit | < 1KB | No external contents | Non-vulnerable
    Malicious | < 1KB | Acquired external contents referred by the entity | Vulnerable
    Malicious | < 1KB | Blocked access to external contents | Non-vulnerable
  • 16. Memory Consumption Analysis 16 [Chart] Parsing BIL XML files of different sizes (M x N, where M is the number of entities and N is the number of references per entity)
  • 17. CPU Time Analysis 17 [Chart] Parsing BIL XML files of different sizes (M x N, where M is the number of entities and N is the number of references per entity)
  • 18. Results-details 18
    Parsers (Parser Name | BIL Vulnerable? | XXE Vulnerable?):
    JDOM2 | Yes | Yes
    NanoXML | Yes | Yes
    NanoXML-LITE | No | No
    Std-DOM | Yes | Yes
    Std-SAX | Yes | Yes
    Std-STAX | No | No
    WOODSTOX | No | No
    XERCES-JDOM | Yes | Yes
    LXML-ETREE | No | No
    Std-ETREE | Yes | No
    PERL(XML:LibXML) | Yes | Yes
    PHPDOM | No | No
    MSXML | Yes | Yes
    Total | 8 | 7
    Applications using a vulnerable parser (Application | BIL Vulnerable? | XXE Vulnerable?):
    Websphere-portal-plugiin | Yes | Yes
    File-Archiver-Main | Yes | Yes
    AppDF | Yes | Yes
    source2XMI | Yes | Yes
    Jbm-to-hornetq | Yes | Yes
    Bimoku-Crawler | Yes | Yes
    blog | Yes | Yes
    Fastcatsearch | Yes | Yes
  • 19. Results-details 19 Sample of 100 open source projects from the 1000 selected in our study. All of these projects use the vulnerable parser (Std-DOM) without disabling the features leading to XML BIL/XXE attacks.
  • 20. Research Questions-Answers 20 RQ1: To which extent are BIL and XXE attacks successful in modern XML parsers? BIL and XXE vulnerabilities are present in modern XML parsers. Among the selected ones, more than a half are vulnerable. RQ2: Do software systems, which use one of the vulnerable parsers, apply mitigation techniques for BIL and XXE attacks? Systems that adopt a BIL- or XXE-vulnerable XML parser do not apply any proper security measure and hence are vulnerable.
  • 21. Recommendations •  Software developers •  Be aware of security issues in parsers •  Correctly set parsers’ configuration and disable unused features •  For example, block/limit external entities •  Parser developers •  Secure default configurations, better documentation •  Adequate security testing 21
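The recommendation above (disable unused parser features, block or limit external entities) and the test oracles on slide 15 (an input is "non-vulnerable" when the parser detects and stops entity expansion, or blocks access to external contents) can both be implemented as a pre-parse screen. The following is an added example written for this page; it is not code from the paper or from any of the parsers it evaluates. It assumes the XML arrives as already-decoded text, uses simple patterns over the DOCTYPE internal subset rather than a full DTD grammar, and picks an arbitrary 64 KiB expansion budget; `check`, `inspect_dtd`, `expansion_size` and `safe_parse` are names chosen here. The expansion bound is computed from the entity reference graph without expanding anything, so a 5x5 bomb like the one on slide 13 costs a handful of dictionary lookups to reject rather than 5^5 expansions.

```python
"""Pre-parse DTD screen for untrusted XML: refuses external entities (XXE)
and bounds internal-entity expansion (Billion Laughs) before the parser runs.
Added example; not code from the paper or from the parsers it tests."""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Assumption: prolog is decoded text; these patterns cover the declarations
# the two attacks rely on, not the whole DTD grammar.
DOCTYPE_RE = re.compile(
    r"<!DOCTYPE\s+(?P<name>[^\s\[>]+)(?P<extid>[^\[>]*)(?:\[(?P<subset>.*?)\])?\s*>", re.S)
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?:%\s*)?(?P<name>[^\s\"']+)\s+"
    r"(?:(?P<ext>SYSTEM|PUBLIC)\b|(?P<q>[\"'])(?P<value>.*?)(?P=q))", re.S)
REF_RE = re.compile(r"&([A-Za-z_][\w.\-]*);")  # general entity references


class UnsafeXML(ValueError):
    """The document declares something we refuse to hand to the parser."""


@dataclass
class DtdInfo:
    has_doctype: bool = False
    external_dtd: bool = False                     # <!DOCTYPE x SYSTEM "...">
    internal: dict = field(default_factory=dict)   # entity name -> replacement text
    external: list = field(default_factory=list)   # names of SYSTEM/PUBLIC entities


def inspect_dtd(doc: str) -> DtdInfo:
    """Collect entity declarations from the DOCTYPE without expanding any."""
    info = DtdInfo()
    m = DOCTYPE_RE.search(doc)
    if not m:
        return info
    info.has_doctype = True
    info.external_dtd = re.search(r"\b(SYSTEM|PUBLIC)\b", m.group("extid")) is not None
    for e in ENTITY_RE.finditer(m.group("subset") or ""):
        if e.group("ext"):
            info.external.append(e.group("name"))
        else:
            info.internal[e.group("name")] = e.group("value")
    return info


def expansion_size(internal: dict) -> int:
    """Largest fully expanded size (in characters) of any declared entity,
    derived from the reference graph with memoisation: work is proportional
    to the number of references, not to the expanded output.  A reference
    cycle (illegal XML, but a screen should not trust the parser to notice)
    is reported instead of followed."""
    memo = {}

    def size(name, stack):
        if name in memo:
            return memo[name]
        if name in stack:
            raise UnsafeXML(f"recursive entity reference through {name!r}")
        if name not in internal:
            return 0                        # predefined (&amp;) or undefined
        value = internal[name]
        total = len(REF_RE.sub("", value))  # literal characters in the value
        for ref in REF_RE.findall(value):   # plus every referenced entity
            total += size(ref, stack | {name})
        memo[name] = total
        return total

    return max((size(n, frozenset()) for n in internal), default=0)


def check(doc: str, *, allow_dtd: bool = False, max_expansion: int = 64 * 1024):
    """Return None if the document may be parsed, else the reason it may not.
    allow_dtd=False rejects any DOCTYPE outright (the blanket setting most
    parsers offer); allow_dtd=True still blocks external entities and external
    DTD subsets and bounds expansion.  64 KiB is an assumed policy value."""
    info = inspect_dtd(doc)
    if not info.has_doctype:
        return None
    if not allow_dtd:
        return "DOCTYPE declarations are not accepted"
    if info.external_dtd:
        return "external DTD subset would be fetched by the parser"
    if info.external:
        return f"external entity declared: {', '.join(info.external)}"
    try:
        size = expansion_size(info.internal)
    except UnsafeXML as exc:
        return str(exc)
    if size > max_expansion:
        return f"entity expansion of {size} chars exceeds limit {max_expansion}"
    return None


def safe_parse(doc: str, **policy) -> ET.Element:
    """Screen first, then parse with the standard library."""
    reason = check(doc, **policy)
    if reason:
        raise UnsafeXML(reason)
    return ET.fromstring(doc)


# Constructed samples shaped like the slides' inputs (not the paper's files).
BOMB_5x5 = ('<?xml version="1.0"?><!DOCTYPE lolz [<!ENTITY lol "lol">'
            '<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;">'
            '<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;">'
            '<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;">'
            '<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;">'
            '<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;">]><lolz>&lol5;</lolz>')
XXE = ('<?xml version="1.0"?><!DOCTYPE myFile [<!ELEMENT myFile ANY>'
       '<!ENTITY xxe SYSTEM "file:///etc/passwd">]><myFile>&xxe;</myFile>')
LEGIT = '<?xml version="1.0"?><order><item qty="2">widget</item></order>'

if __name__ == "__main__":
    for label, doc in [("legit", LEGIT), ("bomb", BOMB_5x5), ("xxe", XXE)]:
        print(label, "->", check(doc, allow_dtd=True, max_expansion=1024) or "ok")
```

With the default policy every DOCTYPE is refused, which is the setting to prefer when the application never needs a DTD; `allow_dtd=True` keeps the two targeted checks. The slide-13 bomb (M = 5, N = 5) has an expanded size of 5^5 x 3 = 9375 characters, so it passes the default budget but is stopped once the budget is lowered, which is how a deployment tunes the limit to the largest legitimate document it expects; the screen does not replace the parser's own limits, it runs in front of them.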