[WEB SECURITY] Multi Vendor XML parser DOS Details?

Steven M. Christey coley at linus.mitre.org
Thu Aug 6 16:54:57 EDT 2009


On Thu, 6 Aug 2009, Hoffman, Billy wrote:

> I haven't seen details about the new attacks. The best stuff I've seen
> to date was Alex Stamos's preso at Black Hat a few years back about
> attacking web services which includes a section on DoSing XML parsers.

There typically seems to be a multi-year delay between when something's
presented at Black Hat (or equivalent) and when it reaches some critical
mass for common exploitation.  Just some food for thought for people who
like to plan ahead.

- Steve
