Black Hat is part of the Informa Tech Division of Informa PLC


Exploiting XML Entity Vulnerabilities in File Parsing Functionality


Thursday, November 19, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A


Exploiting XXE in File Upload Functionality - by Willis Vandevanter

In this webcast we will discuss exploiting XML Entity vulnerabilities in file parsing and upload functionality. We go over popular XML Entity attacks and their application inside XML-supported file formats such as DOCX, XLSX, and PDF. We will walk through the technically relevant points of each format and demo exploitation on a real-world product.


Willis Vandevanter

Willis Vandevanter is a principal at Silent Robot Systems. Prior to SRS, Will was a Senior Researcher at Onapsis and Lead Penetration Tester at Rapid7. He has previously spoken at DEFCON, TROOPERS, OWASP AppSec, and other conferences. In his spare time, he writes code and stumbles through CTFs.

Sponsor Presenter:

Tim Jarrett

Tim Jarrett is Senior Director of Enterprise Security Strategy at Veracode. A Grammy-award winning product professional, he joined Veracode in 2008 and obsesses about how to make the world safe for—and from—software. He can be found on Twitter as @tojarrett.




