[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: Re: Great XML Security Primer
From: Javier_Fernández-Sanguino_Peña <jfernandez () germinus ! com>
Date: 2002-12-09 14:48:49
[Download RAW message or body]
Mark Curphey wrote:
>If anyones interested in a good primer on XML Security, this is a great
>article.
>
>http://www.webmasterbase.com/article/933
>
>
>
>
These references might be also useful (I was reviewing some stuff on XML
security this weekend):
XML security standards:
http://www.w3.org/TR/REC-xml
http://www.w3.org/TR/xmldsig-core/
http://www.ietf.org/rfc/rfc3275.txt
http://www.oasis-open.org/committees/security/ ( The OASIS technical comittee for XML)
XML security articles:
http://www-106.ibm.com/developerworks/security/library/s-xmlsec.html?dwzone=security
http://www-106.ibm.com/developerworks/security/library/x-encrypt2/index.html?dwzone=security
http://www-106.ibm.com/developerworks/security/library/s-east.html?dwzone=security
http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html (A student's page on XML security)
http://home.earthlink.net/~fjhirsch/xml/xmlsec/starting-xml-security.html (An overview of XML security)
Known XML-related vulnerbilities:
- XXE (Xml eXternal Entity) attack: http://online.securityfocus.com/archive/1/297714
- Winamp XML parser buffer overflow: http://online.securityfocus.com/archive/1/293569
- Trillian XML parser buffer overflow: http://online.securityfocus.com/archive/1/290019
- SOAP::Lite access package reverse traversal: http://www.phrack.com/show.php?p=58&a=9
Regards
Javi
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic