Denial of service through XML DTD entity

Technologies that consume XML data are prone to XML Denial of Service (XDoS). XML web services and SOAP are the most affected.


_______________________________________________

Any service requester can post malicious XML that is highly recursive in nature. Processing it drastically increases the load on the CPU and can cause the service to crash.

Usually the service provider inspects the data that is sent, parses it and then routes it. This work, which the service does for every request, is the main weakness that XML Denial of Service exploits.

One technique used for XDoS is a recursive payload sent to the service provider. Another is to send a huge payload, for example an XML file of around 1 GB or more.

Such a payload exhausts memory when the service tries to create objects from it. The last technique is to send many small files that clog the system. This method is called pinging to death.
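A service can refuse the first two kinds of payload before it builds any objects. The sketch below is an added example, not code from the original article: it uses Python's standard expat binding, and the names `check_xml`, `RejectedXML` and the 1 MB cap are assumptions chosen for illustration.

```python
import xml.parsers.expat

MAX_BYTES = 1_000_000  # assumed cap; set to the largest legitimate message


class RejectedXML(Exception):
    """Raised when a document is refused before or during parsing."""


def check_xml(data: bytes, max_bytes: int = MAX_BYTES) -> int:
    """Return the number of elements in data, or raise RejectedXML."""
    # Huge payload: refuse before the parser allocates anything.
    if len(data) > max_bytes:
        raise RejectedXML("payload exceeds %d bytes" % max_bytes)

    count = 0

    def on_start(name, attrs):
        nonlocal count
        count += 1

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Recursive entities can only be declared inside a DTD, so
        # stopping at the DOCTYPE prevents any expansion.
        raise RejectedXML("DOCTYPE not allowed")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        # Second check, in case the DOCTYPE handler is ever relaxed.
        raise RejectedXML("entity declaration not allowed: " + name)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)  # handler exceptions propagate from here
    except xml.parsers.expat.ExpatError as exc:
        raise RejectedXML("malformed XML: %s" % exc) from exc
    return count


# Constructed sample inputs (not from the original page).
GOOD = b"<order><item>1</item><item>2</item></order>"
NESTED = (b'<!DOCTYPE r [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
          b"<r>&b;</r>")
```

In a real service the size cap belongs on the incoming stream, so an oversized body is cut off while it is being read. The third technique, many small requests, needs rate limiting in front of the parser and is not covered here.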




Copyright - © 2004 - 2017 - All Rights Reserved.