Here are some of the issues related to XML, XSLT and XSD. I know it is a very rough list.
· Validate all user inputs for XML/HTML/script tags (XML injection)
· Before creating an XML document, data should be properly encoded to avoid XML injection. (An attacker can inject a malicious script in the CDATA section.)
· XML data should be validated using a native .NET class to ensure that it does not contain any malicious data.
· Serving XML/XSLT/XSD files over HTTP
· Clear text secrets in XML files
· XML Output Escaping Turned off
· XML files in the web root
· SQL injection using unvalidated user inputs.
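
The encoding and validation items above, as an added example that is not part of the original post: user input concatenated into a CDATA section beside the same input written through XElement, with both documents checked by an XmlReader that prohibits DTDs and validates against a schema. The schema, the element names and the input string are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Linq;
using System.Xml.Schema;
static class XmlInjectionDemo
{
    // Constructed schema: <comment> holds exactly one <text> string, nothing else.
    const string Xsd = @"<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>
  <xs:element name='comment'>
    <xs:complexType><xs:sequence>
      <xs:element name='text' type='xs:string'/>
    </xs:sequence></xs:complexType>
  </xs:element>
</xs:schema>";

    // Parse with DTDs prohibited and validate against the schema; false on any error.
    static bool IsValid(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,   // reject DOCTYPE declarations
            XmlResolver = null,                       // never fetch external resources
            ValidationType = ValidationType.Schema
        };
        settings.Schemas.Add(null, XmlReader.Create(new StringReader(Xsd)));
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), settings))
                while (reader.Read()) { }             // validation happens while reading
            return true;
        }
        catch (Exception e) when (e is XmlException || e is XmlSchemaException) { return false; }
    }

    static void Main()
    {
        // Constructed input: closes the CDATA section early and adds a <role> element.
        string input = "hi]]></text><role>admin</role><text><![CDATA[";
        // Weak: string concatenation lets the input change the document structure.
        string weak = "<comment><text><![CDATA[" + input + "]]></text></comment>";
        // Encoded: XElement escapes markup characters, so the input stays plain text.
        string safe = new XElement("comment", new XElement("text", input)).ToString();
        Console.WriteLine("concatenated document valid: " + IsValid(weak));
        Console.WriteLine("encoded document valid:      " + IsValid(safe));
        Console.WriteLine(safe);
    }
}
```

The concatenated document is still well-formed XML, so only the schema check catches the injected element; encoding the data at creation time keeps it from becoming markup in the first place.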