Rocky Mountain 2019

Denver, CO | Mon, Jul 15 - Sat, Jul 20, 2019

Demystifying XXE

  • Serge Borso
  • Wednesday, July 17th, 7:15pm - 8:15pm

OWASP A4 - XML External Entities is officially on the OWASP Top Ten list, and throughout the course of penetration testing I often find this vulnerability. Due to the prevalence of this flaw and the risk of exploitation, this technical talk will discuss the nuances of XXE and how to exploit it. Focused on the attacker's perspective, this presentation will go into details on:

  • Identifying the flaw
  • Typical points of injection
  • Crafting a suitable attack
  • Post exploitation
  • Tools to help with this process


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, July 15

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| General Session - Welcome to SANS | Bryan Simon | Monday, July 15th, 8:00am - 8:30am | Special Events |
| Finding Attacks and Compromises Before Day Zero | David Hoelzer | Monday, July 15th, 7:15pm - 9:15pm | Keynote |

Tuesday, July 16

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| CYA by Using CIA Correctly For A Change | Keith Palmgren | Tuesday, July 16th, 7:15pm - 8:15pm | SANS@Night |
| Equifax, Congress, 148 million US taxpayer's information. What Went Wrong? What Lessons Can You Learn from This? | Christopher Crowley | Tuesday, July 16th, 7:15pm - 8:15pm | SANS@Night |
| Data Protection in the Public Cloud -- a Look at the Good, the Bad, and the Ugly | Kenneth G. Hartman | Tuesday, July 16th, 8:15pm - 9:15pm | SANS@Night |

Wednesday, July 17

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Demystifying XXE | Serge Borso | Wednesday, July 17th, 7:15pm - 8:15pm | SANS@Night |
| OODA Security: Taking Back the Advantage | Kevin Fiscus | Wednesday, July 17th, 7:15pm - 8:15pm | SANS@Night |
| The Offensive Defender \| Cyberspace Trapping | Matthew Toussain | Wednesday, July 17th, 8:15pm - 9:15pm | SANS@Night |