Abstract

XML-based attacks are executed in web applications through crafted XML documents that force the XML parser to process unvalidated documents. This leads to disclosure of sensitive information, malicious code execution and disruption of services. OWASP has included XML-based attacks at number four in its top 10 list of vulnerabilities published in 2017. Most of the reported vulnerabilities involving XML documents range from high to critical and need to be addressed immediately. As per the National Vulnerability Database, 152 vulnerabilities have already been reported in the first five months of the year 2019. A number of XML vulnerabilities and classifications of them exist, but the classifications are limited to a specific vulnerability. In this paper, the authors propose a classification of XML-based vulnerabilities based on an exhaustive literature survey. The approaches and strategies to mitigate these vulnerabilities are also presented. The work will help web developers propose secure parsers that thwart such attacks.
