GeneXus Community Wiki
MENU
PAGE INFO
PAGE TOOLS
Add a category
Add a group
CREATE NEW PAGE
TBWelcome
Login
Register
Settings
Change Password
Logout
Search
Recents
i
Text Block
Managing OWASP Top 10 2017 in GeneXus Applications
A1: 2017 - Injection
A2:2017 - Broken Authentication
A3:2017 - Sensitive Data Exposure
A4:2017 - XML External Entities (XXE)
A5:2017 - Broken Access Control
A6:2017 - Security Misconfiguration
A7:2017 - Cross-Site Scripting (XSS)
A8:2017 - Insecure Deserialization
A9:2017 - Using Components with Known Vulnerabilities
A10:2017 - Insufficient Logging and Monitoring
GeneXus Security Scanner Documentation
GeneXus Security Scanner Advanced Configurations
OWASP Top 10 2017 Security Scanner Reference Table
Page Id
39915
A4:2017 - XML External Entities (XXE)
This documentation is valid for:
OWASP Documentation
XML External Entity Prevention
Actions by GeneXus
GeneXus doesn't execute External Entities by default on Web Services.
If the
XMLReader Data Type
is used it doesn't excecute External Entities by default.
Actions by Developers
Check if the
XMLReader
ReadExternalEntities Property
is configured on 1 or true.
Security Scanner helps to detect this scenario with case code #133.
Page Id
39916
Next →
NextNode
Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Sure!
No
Additional feedback?
comment
Thank you for your feedback!
Backlinks
See all
Forward links
See all
More from manuelrod
See all
Contributions by
EDIT
—
CREATED: 5 JULY 2018 01:50 PM -
UPDATED: 18 DECEMBER 2020
01:58 PM
BY
MANUELROD