Type to search
Analyze a file Free Tools

Metadefender Now Supports Data Sanitization for XML Documents

‹ Blog

Metadefender Now Supports Data Sanitization for XML Documents

Infected XML Document

The flexibility of XML has resulted in its widespread usage, including within Microsoft Office documents and SOAP messages. However, XML documents have many security vulnerabilities that can be targeted for different types of attacks, such as file retrieval, server side request forgery, port scanning, or brute force attacks.

OPSWAT Metadefender data sanitization (CDR) now supports XML document sanitization to address many of these potential threats. Here is a list of threats addressed by our data sanitization technology:

  • XML injection
  • XSS/CDATA Injection
  • Oversized payloads or XML bombs
  • Recursive payloads
  • VB macro
  • JavaScript

This covers a large percentage of XML threats. However, in the future we plan to expand coverage to include protection for the following threats as well:

  • XPath injection
  • External Entity Reference Attack
  • Unused namespace exploitation
  • Homograph Attack
  • Bidirectional Text Spoofing

A beta version of data sanitization for XML documents is available with the latest Metadefender Core release. If you have any feedback or questions about this new functionality, please contact us and let us know.

Taeil Goh
Chief Technical Officer

Taeil Goh joined OPSWAT in 2008 as a software engineer. Taeil has been involved in Metadefender product development from the early stages, and his huge contributions were reflected in his promotion to CTO in 2016. He is now more focused on mentoring product managers for new innovative OPSWAT technology, investing a lot of time in joint solutions with technical partners and in identifying new technology areas to focus on. He is also responsible for product usability and enterprise security. Taeil spends his free time playing tennis or flying a Cessna 172.

data sanitization (CDR) Metadefender Core Company News XML malware