Posted by Taeil Goh / June 8, 2017
The flexibility of XML has resulted in its widespread usage, including within Microsoft Office documents and SOAP messages. However, XML documents have many security weaknesses that can be exploited for different types of attacks, such as file retrieval, server-side request forgery, port scanning, and brute-force attacks.
OPSWAT Metadefender data sanitization (CDR) now supports XML document sanitization to address many of these potential threats. Here is a list of threats addressed by our data sanitization technology:
- XML injection
- XSS/CDATA Injection
- Oversized payloads or XML bombs
- Recursive payloads
- VB macros
This covers a large percentage of XML threats. However, in the future we plan to expand coverage to include protection for the following threats as well:
- XPath injection
- External Entity Reference Attack
- Unused namespace exploitation
- Homograph Attack
- Bidirectional Text Spoofing
A beta version of data sanitization for XML documents is available with the latest Metadefender Core release. If you have any feedback or questions about this new functionality, please contact us and let us know.