Description:
Explore the security implications of XSLT engines in this 49-minute conference talk from Hack in Paris. Delve into the systematic and bottom-up approach to uncovering high-impact vulnerabilities in applications utilizing XSLT engines. Learn about the research plan, software complexity, and accessibility of XSLT functionalities. Examine real-world examples and methodologies, including impacts on various platforms like Safari, Linux, iPhone, and PHP. Discover how XSLT transformations can be exploited, and understand the potential for attacks through XML, SecXSLT, and other vectors. Gain insights into vendor responses and the broader implications for cybersecurity.
Offensive XSLT - Nicolas Gregoire - Hack in Paris
Add to list
00:00
-01:26