Re: Great XML Security Primer

Mark Curphey wrote:

>If anyones interested in a good primer on XML Security, this is a great
These references might be also useful (I was reviewing some stuff on XML security this weekend):

XML security standards:

 
http://www.w3.org/TR/REC-xml
 
http://www.w3.org/TR/xmldsig-core/
 
http://www.ietf.org/rfc/rfc3275.txt
 
http://www.oasis-open.org/committees/security/ ( The OASIS technical comittee for XML)

XML security articles:

 
http://www-106.ibm.com/developerworks/security/library/s-xmlsec.html?dwzone=security
 
http://www-106.ibm.com/developerworks/security/library/x-encrypt2/index.html?dwzone=security
 
http://www-106.ibm.com/developerworks/security/library/s-east.html?dwzone=security
 
http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html (A student's page on XML security)
 
http://home.earthlink.net/~fjhirsch/xml/xmlsec/starting-xml-security.html (An overview of XML security)
 

 Known XML-related vulnerbilities:

• XXE (Xml eXternal Entity) attack: http://online.securityfocus.com/archive/1/297714
• Winamp XML parser buffer overflow: http://online.securityfocus.com/archive/1/293569
• Trillian XML parser buffer overflow: http://online.securityfocus.com/archive/1/290019
• SOAP::Lite access package reverse traversal: http://www.phrack.com/show.php?p=58&a=9

Regards

Javi Received on Mon Dec 9 10:39:03 2002

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek