Improving XPath Injection - OWASP
Improving XPath Injection
Paul Haas OWASP NZ Day 2013
Agenda
Whoami Introduction to XPath Brief History of XPath Injection XPath Injection Techniques/Improvements Mitigations Demo Conclusion and References
Whoami
Paul Haas : Security Engineer @ Security-
Experience 10 years in computer security, 1.5 at Security Assessment Expertise across the pentesting spectrum: App, net, wifi, DB, host Defcon 2010: Advanced Format String Exploitation Bash-Fu Master, XPath Ninja
Passion Solving complex problems (the hack) Alternately: making them more complex Driving people into the Mario Kart abyss
Brief Introduction to XPath
What is XPath?
XPath is a functional language to query a XML document in a hierarchical path-like fashion Parent, Ancestor, Sibling, Descendants, Atomic Value
XML document represented as 'nodes': elements, attributes, text, namespace, processing-instructions, comments, and document nodes. Treats XML database as tree of these nodes from root element '/'
Brief Introduction to XPath
Learning XPath And why you are doing it wrong 10.99 That Guy Someone Else
Necronomicon !Q@#$%^*()_+{}:"? "Mad Arab" Abdul Alhazred
Les Fleurs du mal Spleen et Ide'al
5 Charles Baudelaire
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- improving grammar for adults
- improving my writing skills essay
- is technology improving our lives
- improving essay writing skills
- improving customer service in healthcare
- improving reading comprehension for adults
- improving writing skills
- improving writing in elementary students
- owasp sdlc
- python lxml xpath example
- xpath in python
- python xpath tutorial