[WEB SECURITY] Multi Vendor XML parser DOS Details?

Steven M. Christey coley at linus.mitre.org
Thu Aug 6 16:54:57 EDT 2009

On Thu, 6 Aug 2009, Hoffman, Billy wrote:

> I haven't seen details about the new attacks. The best stuff I've seen
> to date was Alex Stamos's preso at Black Hat a few years back about
> attacking web services which includes a section on DoSing XML parsers.

There typically seems to be a multi-year delay between when something's
presented at Black Hat (or equivalent) and when it reaches some critical
mass for common exploitation.  Just some food for thought for people who
like to plan ahead.

- Steve

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list