GeneXus Community Wiki
  • MENU
  • PAGE INFO
  • PAGE TOOLS
    • Add a category
    • Add a group
  • CREATE NEW PAGE
TBWelcomeLoginRegister
Settings
Change Password
Logout
Recents
i
Text Block
Managing OWASP Top 10 2017 in GeneXus Applications
TOCs where this page is referred
39915
  • A1: 2017 - Injection
  • A2:2017 - Broken Authentication
  • A3:2017 - Sensitive Data Exposure
  • A4:2017 - XML External Entities (XXE)
  • A5:2017 - Broken Access Control
  • A6:2017 - Security Misconfiguration
  • A7:2017 - Cross-Site Scripting (XSS)
  • A8:2017 - Insecure Deserialization
  • A9:2017 - Using Components with Known Vulnerabilities
  • A10:2017 - Insufficient Logging and Monitoring
  • Security Scanner built-in tool
  • GeneXus Security Scanner extension
    • GeneXus Security Scanner extension - Advanced Configurations
    • OWASP Top 10 2017 Security Scanner extension - Reference Table

A4:2017 - XML External Entities (XXE)

Official Content
This documentation is valid for:
  • OWASP Documentation
  • XML External Entity Prevention

Actions by GeneXus

  • GeneXus doesn't execute External Entities by default on Web Services.
  • If the XMLReader Data Type is used it doesn't excecute External Entities by default.

Actions by Developers

  • Check if the XMLReader ReadExternalEntities Property is configured on 1 or true. 
    • Security Scanner helps to detect this scenario with case code #133.

RSS feed with last changes in this category (copy shortcut to subcribe it in an RSS reader)
39916
Next →
NextNode
Was this page helpful?
What Is This?
Your feedback about this content is important. Let us know what you think.
Sure!No
Additional feedback?
Thank you for your feedback!
Backlinks
See all
Forward links
See all
More from sgrampone
See all
Contributions by
EDIT
—
CREATED: 5 JULY 2018 01:50 PM - UPDATED: 4 MARCH 2021 06:26 PM BY SGRAMPONE