XXE Prevention (OWASP A04)
Prevent XML External Entity attacks by safely configuring XML parsers and validating XML input.
When to Use
- Parsing user-supplied XML
- Processing SOAP/WSDL services
- Handling SVG file uploads
- Working with Office documents (DOCX, XLSX)
- Implementing XML-based APIs
- Processing RSS/Atom feeds
Attack Types
| Attack | Impact | Description |
|---|---|---|
| File Disclosure | HIGH | Read local files (/etc/passwd) |
| SSRF | HIGH | Access internal services |
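
As an added example (not part of the original skill file), one way to refuse the DTD features behind both attacks in the table before any application code sees the document, using only Python's standard library. The function names, the `UnsafeXML` exception and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample inputs: one benign feed, two documents declaring
# external entities (local file read and internal HTTP request).
BENIGN = b'<rss version="2.0"><channel><title>News</title></channel></rss>'
FILE_XXE = (b'<?xml version="1.0"?><!DOCTYPE r ['
            b'<!ENTITY x SYSTEM "file:///etc/passwd">]><r>&x;</r>')
SSRF_XXE = (b'<?xml version="1.0"?><!DOCTYPE r ['
            b'<!ENTITY x SYSTEM "http://internal.example/status">]><r>&x;</r>')


class UnsafeXML(ValueError):
    """The input uses a DTD feature that makes XXE possible."""


def _reject(reason):
    # Build an expat callback that aborts parsing the moment it fires.
    def handler(*_args):
        raise UnsafeXML(reason)
    return handler


def parse_untrusted(data, allow_doctype=False):
    """Screen the document with expat, then build the tree only if clean."""
    screen = expat.ParserCreate()
    if not allow_doctype:
        screen.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    # Still enforced when a bare DOCTYPE is tolerated (allow_doctype=True).
    screen.EntityDeclHandler = _reject("entity declaration")
    screen.ExternalEntityRefHandler = _reject("external entity reference")
    screen.Parse(data, True)  # raises UnsafeXML, or ExpatError if malformed
    return ET.fromstring(data)


def verdict(data, allow_doctype=False):
    """Return "ok" or the reason the document was refused."""
    try:
        parse_untrusted(data, allow_doctype)
        return "ok"
    except UnsafeXML as exc:
        return str(exc)
    except expat.ExpatError:
        return "malformed XML"


if __name__ == "__main__":
    for name, doc in [("benign", BENIGN), ("file", FILE_XXE), ("ssrf", SSRF_XXE)]:
        print(name, "->", verdict(doc))
```

Formats that legitimately carry a DOCTYPE, such as some SVG files, can be handled with `allow_doctype=True`, which still refuses any entity declaration.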