Post by author: Olaf Kummer

Let me tell you the story of a security bug.

To harden our CMS against XXE attacks, we were implementing the procedures proposed by OWASP. This worked nicely for the deployed software, but we ran into one case in which the XXE prevention simply did not seem to work when running a test. Fearing that the approach was somehow broken despite the reputable source, we did a root cause analysis.
