XXE Exposed Webinar Recording and Slides

In case someone is interested, I had the pleasure of giving a webinar for eLearnSecurity on Tuesday this week. Webinar Title: “XXE Exposed”. Summary: Brief coverage of Web Service Types, SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired by the “Practical Web Defense” (PWD) style of pwnage + …

Embedding untrusted HTML XSS+ challenge

Where this came from – skip to the end for the challenge if you do not care 🙂 During the OWTF workshop at BSides Vienna the interaction with the audience was great. For the purpose of this blog post the conversation on embedding HTML input from an untrusted source developed as follows: – Olaf first asked …