LAB 208 – Defending C# Applications Against XPath Injection (NEW)

Course Overview

XPath injection vulnerabilities occur when an application concatenates untrusted input into XPath expressions. The exact impact of XPath Injection depends on the purpose of the XPath expression in the application, but usually, the impact is either information disclosure or authentication bypass. This Defending C# Applications Against XPath Injection Skill Lab uses an interactive simulation to train developers to identify and mitigate XPath Injection vulnerabilities before they negatively impact your organization.

After completing this lab, the learner will understand how to defend C# applications against XPath Injection attacks and receive hands-on experience implementing effective mitigation. This includes testing for XPath Injection vulnerabilities and using parameterized access methods instead of concatenating untrusted data into XPath expressions.