GeneXus Community Wiki

A4:2017 - XML External Entities (XXE)

Unofficial Content
This documentation is valid for:
  • OWASP Documentation
  • XML External Entity Prevention

Actions by GeneXus

  • GeneXus doesn't execute External Entities by default on Web Services.
  • If the XMLReader Data Type is used, it doesn't execute External Entities by default.

Actions by Developers

  • Check whether the XMLReader ReadExternalEntities property is set to 1 or true, which overrides the default and makes the reader process External Entities.
    • Security Scanner helps to detect this scenario with case code #133.
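
One way to run the developer check above over source text, as an added example (this is not GeneXus or Security Scanner code). It assumes object source is available as plain text; the sample snippet, its variable names and the "review" status for non-literal values are constructed for illustration.

```python
import re

# Matches an assignment such as: &reader.ReadExternalEntities = 1
ASSIGN_RE = re.compile(
    r"(&\w+)\s*\.\s*ReadExternalEntities\s*=\s*([^\s;/]+)", re.IGNORECASE
)
# String literals are kept; /* */ and // comments are blanked out.
TOKEN_RE = re.compile(r"""('[^'\n]*'|"[^"\n]*")|/\*.*?\*/|//[^\n]*""", re.DOTALL)


def strip_comments(source):
    """Replace comments with spaces, preserving newlines so line numbers hold."""
    def repl(match):
        if match.group(1):
            return match.group(1)
        return re.sub(r"[^\n]", " ", match.group(0))
    return TOKEN_RE.sub(repl, source)


def find_readexternalentities(source):
    """Return (line, variable, status) for each assignment that needs attention."""
    findings = []
    for lineno, line in enumerate(strip_comments(source).splitlines(), 1):
        for match in ASSIGN_RE.finditer(line):
            value = match.group(2).lower()
            if value in ("1", "true"):
                status = "enabled"   # external entities explicitly turned on
            elif value in ("0", "false"):
                continue             # matches the safe default
            else:
                status = "review"    # set from a variable: trace its value
            findings.append((lineno, match.group(1), status))
    return findings


# Constructed sample source (not taken from a real Knowledge Base).
SAMPLE = """\
&reader.Open(&path)
&reader.ReadExternalEntities = 1
// &old.ReadExternalEntities = true
&safe.ReadExternalEntities = 0
&feed.readexternalentities = True
&cfg.ReadExternalEntities = &flag
/* &x.ReadExternalEntities = 1
*/
"""

if __name__ == "__main__":
    for lineno, var, status in find_readexternalentities(SAMPLE):
        print(f"line {lineno}: {var} -> {status}")
```

Because `=` is also the comparison operator in GeneXus, a condition that tests the property is reported too and should be read as a prompt for manual review.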

CREATED: 5 JULY 2018 01:50 PM - UPDATED: 18 DECEMBER 2020 01:58 PM BY MANUELROD