2017 OWASP Top 10 for PHP Developers Part 4: XML External Entities (XXE)
Ever processed XML files in your web application? If you did, you probably parsed their contents. And if you parsed their contents, your web application might have been vulnerable to an attack known as XML External Entities (XXE).

What is XXE?

XXE is a security vulnerability often found in XML parsers. An XXE attack often exploits the XML parsing functionality in a web application, making it parse data of interest to an attacker.

How does it…