SlideShare a Scribd company logo

Xml attribute blowup

Download as PPTX, PDF
Jitendra Oza
Jitendra Oza

XML attribute blowup is a denial of service attack against XML parsers. The attack provides a malicious XML document with many attributes in a single node. Vulnerable XML parsers process these attributes inefficiently, consuming excessive CPU and resulting in a denial of service through resource exhaustion. To prevent this, perimeter technologies should validate incoming XML and enforce limits on the number of attributes per element.

Engineering
1 of 10
XML attribute blowup Jitendra oza
XML  XML stand for eXtensible Markup Language  XML is mark up language like HTML  XML was design to store and transport data  XML tags are not predefined, you have to define you own tags  XML design is self descriptive  XML is W3C recommendation
XML structure <?xml version=“1.0” encoding=“UTF-8” ?> <note> <To> Dikshant </To> <From> Jeet </From> <Message> Hey Buddy! </Message> </note>
XML attribute  XML elements can have attributes, just like HTML.  Attributes are designed to contain data related to a specific element.  Attributed must be quoted with ‘ ’ or “ ”  Example:  <person gender=“Male”>
XML Attribute Blowup  XML Attribute Blowup is a denial of service attack against XML parsers  The attacker provides a malicious XML documents, which vulnerable XML parsers process in a very inefficient manner, leading to excessive CPU load.  The essence of the attack is to include many attributes in the same XML node.  Vulnerable XML parsers manage the attributes in an inefficient manner, resulting in a non-linear overall run time, leading to a denial of service condition via CPU exhaustion.
XML Attribute Blow Up  Example: <?xml version=“1.0”?> <foo A1=“” A2=“” .. .. A1000=“” />
Perimeter Solution  Perimeter technologies should perform strict schema validation against all incoming XML documents.  The validation process should enforce the following configurable limits on XML object definition :  The maximum array size  The maximum number of elements  The maximum number of attributes per element  The maximum size of entity definition  The maximum number of references to entity definitions
Reference  http://www.w3schools.com/xml/default.asp  http://projects.webappsec.org/w/page/13247001/XML%20Attribute%20Blowu p  https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities _-_SOAP_Array_Abuse,_XML_Attribute_Blowup,_XML_Entity_Expansion
Thank You

Recommended

Web programming and services
Web programming and servicesWeb programming and services
Web programming and serviceslaibamaqsood
 
Reactjs workshop
Reactjs workshopReactjs workshop
Reactjs workshopPankaj Bhageria
 
WEB TECHNOLOGIES XML
WEB TECHNOLOGIES XMLWEB TECHNOLOGIES XML
WEB TECHNOLOGIES XMLJyothishmathi Institute of Technology and Science Karimnagar
 
Week1 xml
Week1 xmlWeek1 xml
Week1 xmlhapy
 
PHP XML
PHP XMLPHP XML
PHP XMLYellGhost
 
Rendering XML Document
Rendering XML DocumentRendering XML Document
Rendering XML DocumentDudy Ali
 
XML
XMLXML
XMLMukesh Tekwani
 
Xml data transformation
Xml data transformationXml data transformation
Xml data transformationRaghu nath
 

Recommended

Web programming and services
Web programming and servicesWeb programming and services
Web programming and serviceslaibamaqsood
 
Reactjs workshop
Reactjs workshopReactjs workshop
Reactjs workshopPankaj Bhageria
 
WEB TECHNOLOGIES XML
WEB TECHNOLOGIES XMLWEB TECHNOLOGIES XML
WEB TECHNOLOGIES XMLJyothishmathi Institute of Technology and Science Karimnagar
 
Week1 xml
Week1 xmlWeek1 xml
Week1 xmlhapy
 
PHP XML
PHP XMLPHP XML
PHP XMLYellGhost
 
Rendering XML Document
Rendering XML DocumentRendering XML Document
Rendering XML DocumentDudy Ali
 
XML
XMLXML
XMLMukesh Tekwani
 
Xml data transformation
Xml data transformationXml data transformation
Xml data transformationRaghu nath
 
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xml
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xmlXml theory 2005_[ngohaianh.info]_1_introduction-to-xml
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xmlÔng Thông
 
Xhtml
XhtmlXhtml
XhtmlSamir Sabry
 
Xml basics for beginning
Xml basics for beginningXml basics for beginning
Xml basics for beginningAhmad Awsaf-uz-zaman
 
Basics of XML
Basics of XMLBasics of XML
Basics of XMLindiangarg
 
E-publishing
E-publishingE-publishing
E-publishingGanesh Koli
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XMLFazli Kabashi
 
Xml and xml processor
Xml and xml processorXml and xml processor
Xml and xml processorHimanshu Soni
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XMLshannonsdavis
 
Xml
XmlXml
XmlSantosh Pandey
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XMLKumar
 
Xml
XmlXml
Xmlbaabtra.com - No. 1 supplier of quality freshers
 
XML and Localization
XML and LocalizationXML and Localization
XML and LocalizationYamagata Europe
 
DSL in test automation
DSL in test automationDSL in test automation
DSL in test automationtest test
 
Images and Lists in HTML
Images and Lists in HTMLImages and Lists in HTML
Images and Lists in HTMLMarlon Jamera
 
Tutorial on html
Tutorial on htmlTutorial on html
Tutorial on htmlBeauty Mthembu
 
Lesson 2 Starting with the basics
Lesson 2 Starting with the basicsLesson 2 Starting with the basics
Lesson 2 Starting with the basicsChristopherEsteban2
 
Markup Languages
Markup Languages Markup Languages
Markup Languages Senthil Kanth
 
Html css best_practices
Html css best_practicesHtml css best_practices
Html css best_practicesmokshastudio
 
A short introduction on mule expression language
A short introduction on mule expression languageA short introduction on mule expression language
A short introduction on mule expression languageSwapnil Sahu
 
Internal DSLs For Automated Functional Testing
Internal DSLs For Automated Functional TestingInternal DSLs For Automated Functional Testing
Internal DSLs For Automated Functional TestingJohn Sonmez
 
XML
XMLXML
XMLMukesh Tekwani
 
Xml intro1
Xml intro1Xml intro1
Xml intro1Alfonso Gabriel López Ceballos
 

More Related Content

What's hot

Xml theory 2005_[ngohaianh.info]_1_introduction-to-xml
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xmlXml theory 2005_[ngohaianh.info]_1_introduction-to-xml
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xmlÔng Thông
 
Xml and xml processor
Xml and xml processorXml and xml processor
Xml and xml processorHimanshu Soni
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XMLKumar
 
DSL in test automation
DSL in test automationDSL in test automation
DSL in test automationtest test
 
Images and Lists in HTML
Images and Lists in HTMLImages and Lists in HTML
Images and Lists in HTMLMarlon Jamera
 
Lesson 2 Starting with the basics
Lesson 2 Starting with the basicsLesson 2 Starting with the basics
Lesson 2 Starting with the basicsChristopherEsteban2
 
Html css best_practices
Html css best_practicesHtml css best_practices
Html css best_practicesmokshastudio
 
A short introduction on mule expression language
A short introduction on mule expression languageA short introduction on mule expression language
A short introduction on mule expression languageSwapnil Sahu
 
Internal DSLs For Automated Functional Testing
Internal DSLs For Automated Functional TestingInternal DSLs For Automated Functional Testing
Internal DSLs For Automated Functional TestingJohn Sonmez
 

What's hot (20)

Xml theory 2005_[ngohaianh.info]_1_introduction-to-xml
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xmlXml theory 2005_[ngohaianh.info]_1_introduction-to-xml
Xml theory 2005_[ngohaianh.info]_1_introduction-to-xml
 
Xhtml
XhtmlXhtml
Xhtml
 
Xml basics for beginning
Xml basics for beginningXml basics for beginning
Xml basics for beginning
 
Basics of XML
Basics of XMLBasics of XML
Basics of XML
 
E-publishing
E-publishingE-publishing
E-publishing
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XML
 
Xml and xml processor
Xml and xml processorXml and xml processor
Xml and xml processor
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XML
 
Xml
XmlXml
Xml
 
Introduction to XML
Introduction to XMLIntroduction to XML
Introduction to XML
 
Xml
XmlXml
Xml
 
XML and Localization
XML and LocalizationXML and Localization
XML and Localization
 
DSL in test automation
DSL in test automationDSL in test automation
DSL in test automation
 
Images and Lists in HTML
Images and Lists in HTMLImages and Lists in HTML
Images and Lists in HTML
 
Tutorial on html
Tutorial on htmlTutorial on html
Tutorial on html
 
Lesson 2 Starting with the basics
Lesson 2 Starting with the basicsLesson 2 Starting with the basics
Lesson 2 Starting with the basics
 
Markup Languages
Markup Languages Markup Languages
Markup Languages
 
Html css best_practices
Html css best_practicesHtml css best_practices
Html css best_practices
 
A short introduction on mule expression language
A short introduction on mule expression languageA short introduction on mule expression language
A short introduction on mule expression language
 
Internal DSLs For Automated Functional Testing
Internal DSLs For Automated Functional TestingInternal DSLs For Automated Functional Testing
Internal DSLs For Automated Functional Testing
 

Similar to Xml attribute blowup

eXtensible Markup Language (By Dr.Hatem Mohamed)
eXtensible Markup Language (By Dr.Hatem Mohamed)eXtensible Markup Language (By Dr.Hatem Mohamed)
eXtensible Markup Language (By Dr.Hatem Mohamed)MUFIX Community
 
XML simple Introduction
XML simple IntroductionXML simple Introduction
XML simple Introductionalphap13
 
XML - Extensible Markup Language for Network Security.pptx
XML - Extensible Markup Language for Network Security.pptxXML - Extensible Markup Language for Network Security.pptx
XML - Extensible Markup Language for Network Security.pptxkalanamax
 
Xml tutorial
Xml tutorialXml tutorial
Xml tutorialIT
 
chapter 4 web authoring unit 4 xml.pptx
chapter 4 web authoring unit 4 xml.pptxchapter 4 web authoring unit 4 xml.pptx
chapter 4 web authoring unit 4 xml.pptxamare63
 
XML Presentation-2
XML Presentation-2XML Presentation-2
XML Presentation-2Sudharsan S
 
Introduction to xml
Introduction to xmlIntroduction to xml
Introduction to xmlsoumya
 
Xml 150323102007-conversion-gate01
Xml 150323102007-conversion-gate01Xml 150323102007-conversion-gate01
Xml 150323102007-conversion-gate01Niraj Bharambe
 
Xml programming language myassignmenthelp.net
Xml programming language myassignmenthelp.netXml programming language myassignmenthelp.net
Xml programming language myassignmenthelp.netwww.myassignmenthelp.net
 

Similar to Xml attribute blowup (20)

XML
XMLXML
XML
 
Xml intro1
Xml intro1Xml intro1
Xml intro1
 
eXtensible Markup Language (By Dr.Hatem Mohamed)
eXtensible Markup Language (By Dr.Hatem Mohamed)eXtensible Markup Language (By Dr.Hatem Mohamed)
eXtensible Markup Language (By Dr.Hatem Mohamed)
 
Unit 2.2
Unit 2.2Unit 2.2
Unit 2.2
 
XML simple Introduction
XML simple IntroductionXML simple Introduction
XML simple Introduction
 
Unit 2.2
Unit 2.2Unit 2.2
Unit 2.2
 
Introduction to xml
Introduction to xmlIntroduction to xml
Introduction to xml
 
uptu web technology unit 2 Xml2
uptu web technology unit 2 Xml2uptu web technology unit 2 Xml2
uptu web technology unit 2 Xml2
 
XML - Extensible Markup Language for Network Security.pptx
XML - Extensible Markup Language for Network Security.pptxXML - Extensible Markup Language for Network Security.pptx
XML - Extensible Markup Language for Network Security.pptx
 
Xml tutorial
Xml tutorialXml tutorial
Xml tutorial
 
Xml
XmlXml
Xml
 
chapter 4 web authoring unit 4 xml.pptx
chapter 4 web authoring unit 4 xml.pptxchapter 4 web authoring unit 4 xml.pptx
chapter 4 web authoring unit 4 xml.pptx
 
XML Presentation-2
XML Presentation-2XML Presentation-2
XML Presentation-2
 
Xml
XmlXml
Xml
 
paper about xml
paper about xmlpaper about xml
paper about xml
 
Xml iet 2015
Xml iet 2015Xml iet 2015
Xml iet 2015
 
Introduction to xml
Introduction to xmlIntroduction to xml
Introduction to xml
 
Xml 150323102007-conversion-gate01
Xml 150323102007-conversion-gate01Xml 150323102007-conversion-gate01
Xml 150323102007-conversion-gate01
 
Xml programming language myassignmenthelp.net
Xml programming language myassignmenthelp.netXml programming language myassignmenthelp.net
Xml programming language myassignmenthelp.net
 
Wp unit III
Wp unit IIIWp unit III
Wp unit III
 

Recently uploaded

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile servicerehmti665
 

Recently uploaded (20)

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 

Xml attribute blowup

  • 2. XML  XML stand for eXtensible Markup Language  XML is mark up language like HTML  XML was design to store and transport data  XML tags are not predefined, you have to define you own tags  XML design is self descriptive  XML is W3C recommendation
  • 3. XML structure <?xml version=“1.0” encoding=“UTF-8” ?> <note> <To> Dikshant </To> <From> Jeet </From> <Message> Hey Buddy! </Message> </note>
  • 4.
  • 5. XML attribute  XML elements can have attributes, just like HTML.  Attributes are designed to contain data related to a specific element.  Attributed must be quoted with ‘ ’ or “ ”  Example:  <person gender=“Male”>
  • 6. XML Attribute Blowup  XML Attribute Blowup is a denial of service attack against XML parsers  The attacker provides a malicious XML documents, which vulnerable XML parsers process in a very inefficient manner, leading to excessive CPU load.  The essence of the attack is to include many attributes in the same XML node.  Vulnerable XML parsers manage the attributes in an inefficient manner, resulting in a non-linear overall run time, leading to a denial of service condition via CPU exhaustion.
  • 7. XML Attribute Blow Up  Example: <?xml version=“1.0”?> <foo A1=“” A2=“” .. .. A1000=“” />
  • 8. Perimeter Solution  Perimeter technologies should perform strict schema validation against all incoming XML documents.  The validation process should enforce the following configurable limits on XML object definition :  The maximum array size  The maximum number of elements  The maximum number of attributes per element  The maximum size of entity definition  The maximum number of references to entity definitions
  • 9. Reference  http://www.w3schools.com/xml/default.asp  http://projects.webappsec.org/w/page/13247001/XML%20Attribute%20Blowu p  https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities _-_SOAP_Array_Abuse,_XML_Attribute_Blowup,_XML_Entity_Expansion