Abstract
Online attacks are the outcome of exploitable vulnerabilities. XML (eXtensible Markup Language) is a self-descriptive markup language, and XML eXternal Entity injection (XXE) is a well-recognised web security vulnerability. XXE injection targets web applications whose XML parsers, including several popular ones in their default configuration, are unable to withstand it. Most of the available literature on XXE covers vulnerability testing; much less work has been done on preventing such attacks. The aim of this research is to investigate XXE attacks and ways of preventing them. A sample vulnerable web application using the standard XML parser that ships with the Java Development Kit (JDK) has been developed in this work for executing different attacks and detecting them, and ways of preventing XXE attacks are suggested as well. A virtual machine image of the developed framework is provided so that the vulnerabilities can be reproduced and experimented with. Different techniques and exploitation approaches for evaluating the sample web application's vulnerabilities are used to build a platform for executing such attacks. Since the vulnerabilities of misconfigured XML parsers are depicted in detail, effective methods for securing websites from XXE attacks are provided. Furthermore, this work also discusses tools for building a platform for XXE attacks, and ways to eliminate the underlying vulnerabilities.
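As an added illustration (not code from the paper or from its virtual machine image), the Java program below shows the contrast the abstract describes: the JDK's default DocumentBuilderFactory resolves an external entity declared in an attacker-supplied DTD and returns the file contents as element text, while the same factory with DOCTYPE declarations disallowed and external entities disabled rejects the document before any entity is resolved. The payload, the temporary "secret" file it reads and the element names are constructed for the example; the file URL assumes a POSIX-style absolute path.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class XxeDemo {

    // Constructed XXE payload: an internal DTD declares a general entity whose
    // replacement text is fetched from a local file URL, then references it in
    // the body. Element names ("order", "note") are arbitrary for the example.
    static String payload(String absolutePath) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE order [\n"
             + "  <!ENTITY xxe SYSTEM \"file://" + absolutePath + "\">\n"
             + "]>\n"
             + "<order><note>&xxe;</note></order>\n";
    }

    // Vulnerable: the JDK's built-in parser with factory defaults resolves
    // external general entities, so the file contents end up in the DOM.
    static DocumentBuilder vulnerableBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        return f.newDocumentBuilder();
    }

    // Hardened: forbid DOCTYPE outright (sufficient on its own for the JDK
    // parser), and additionally switch off external entity and DTD loading,
    // XInclude and entity expansion for defence in depth.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Parses the document and returns the text of the first <note> element.
    static String parseNote(DocumentBuilder builder, String xml) throws Exception {
        Document doc = builder.parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getElementsByTagName("note").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Write a throwaway file so the demo does not depend on /etc/passwd.
        File secret = File.createTempFile("xxe-demo", ".txt");
        secret.deleteOnExit();
        Files.write(secret.toPath(), "TOP-SECRET".getBytes(StandardCharsets.UTF_8));
        String xml = payload(secret.getAbsolutePath());

        // Default configuration: prints the file contents ("TOP-SECRET").
        System.out.println("vulnerable parser returned: " + parseNote(vulnerableBuilder(), xml));

        // Hardened configuration: the DOCTYPE itself is rejected.
        try {
            parseNote(hardenedBuilder(), xml);
            System.out.println("hardened parser unexpectedly accepted the document");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected input: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac XxeDemo.java && java XxeDemo`. Disallowing DOCTYPE is the single most effective setting because every XXE variant, including parameter-entity and out-of-band tricks, needs a DTD; the remaining features matter when an application legitimately has to accept documents with a DOCTYPE and so cannot use that switch.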
Field | Value
---|---
Original language | English
Title of host publication | Proceedings - 2022 14th IEEE International Conference on Computational Intelligence and Communication Networks, CICN 2022
Publisher | Institute of Electrical and Electronics Engineers Inc.
Pages | 830-835
Number of pages | 6
ISBN (Electronic) | 9781665487719
DOIs |
Publication status | Published - 2022
Event | 14th IEEE International Conference on Computational Intelligence and Communication Networks, CICN 2022 - Al-Khobar, Saudi Arabia
Event duration | 4 Dec 2022 → 6 Dec 2022
Publication series
Name | Proceedings - 2022 14th IEEE International Conference on Computational Intelligence and Communication Networks, CICN 2022
Conference
Field | Value
---|---
Conference | 14th IEEE International Conference on Computational Intelligence and Communication Networks, CICN 2022
Country/Territory | Saudi Arabia
City | Al-Khobar
Period | 4/12/22 → 6/12/22
Keywords
- API
- DDoS
- DTD
- DoS
- OWASP
- XXE
- parser
- vulnerability
Title | A Study of XXE Attacks Prevention Using XML Parser Configuration
Projects
- EX-QNRF-NPRPS-51: Development of Human-Centric Robust ML-Driven IoT Smart Services (Finished)
  Ghaly, M. (Principal Investigator), Al Fuqaha, A. (Lead Principal Investigator), Assistant-1, R. (Research Assistant), Assistant-2, R. (Research Assistant), Assistant-3, R. (Research Assistant), Associate-1, R. (Research Associate), Bou-Harb, D. E. (Principal Investigator), Zubair, D. M. (Principal Investigator), Filali, P. F. (Principal Investigator) & Qadir, P. J. (Principal Investigator)
  15/03/21 → 15/09/23
  Project: Applied Research