[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    Re: Great XML Security Primer
From:       Javier_Fernández-Sanguino_Peña <jfernandez () germinus ! com>
Date:       2002-12-09 14:48:49
[Download RAW message or body]

Mark Curphey wrote:

>If anyones interested in a good primer on XML Security, this is a great
>article.
>
>http://www.webmasterbase.com/article/933
>
>
>  
>
These references might be also useful (I was reviewing some stuff on XML 
security this weekend):

XML security standards:
 http://www.w3.org/TR/REC-xml
 http://www.w3.org/TR/xmldsig-core/
 http://www.ietf.org/rfc/rfc3275.txt
 http://www.oasis-open.org/committees/security/ ( The OASIS technical comittee for XML)

XML security articles:
 http://www-106.ibm.com/developerworks/security/library/s-xmlsec.html?dwzone=security
 http://www-106.ibm.com/developerworks/security/library/x-encrypt2/index.html?dwzone=security
 http://www-106.ibm.com/developerworks/security/library/s-east.html?dwzone=security
 http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html (A student's page on XML security)
 http://home.earthlink.net/~fjhirsch/xml/xmlsec/starting-xml-security.html (An overview of XML security)
 
 Known XML-related vulnerbilities:
 - XXE (Xml eXternal Entity) attack: http://online.securityfocus.com/archive/1/297714
 - Winamp XML parser buffer overflow: http://online.securityfocus.com/archive/1/293569
 - Trillian XML parser buffer overflow:  http://online.securityfocus.com/archive/1/290019
 - SOAP::Lite access package reverse traversal: http://www.phrack.com/show.php?p=58&a=9


Regards

Javi


[prev in list] [next in list] [prev in thread] [next in thread]