LAB 131 - Identifying Improper Restriction of XML External Entity Reference

Course Details

Course Number: LAB 131

Course Duration: 5 minutes

Course CPE Credits: 0.1

NICE Specialty Areas

Risk Management (RSK)
Securely Provision (SP)
Software Development (DEV)

Related Subject Matter

Cloud
CWE
Learn Labs
MITRE ATT&CK
NICE
NIST
OWASP Web
Web

Foreign Languages Available:

English

Course Overview

This lab on Improper Restriction of XML External Entity References assesses the learner’s understanding of how an existing Improper Restriction of XXE References vulnerability in a cloud-native marketing automation SaaS suite can be discovered and exploited.

After completing this lab, the learner will understand how adversaries can exploit such vulnerabilities to upload malformed XML documents. Such attacks may lead to the disclosure of confidential data, denial of service, server side request forgery, and other system impacts.

Ready to Demo this course? Questions? Contact Us!