• Saurabh Bisht
• Satendra Singh
• Anju Rabi
• Chavda Ashish Nathu

The increasing dependency of almost every organization in web applications has introduced a whole new set of vulnerabilities and attack vectors. Due to the ever-evolving nature of the information security space, new vulnerabilities, attack methods, and mitigation strategies are being introduced each day. XML External Entity Attack is such an attack. Being recently featured in the updated Open Web-Application Security Project (OWASP) Top 10 2017 list, this attack is prevalent in modern-day web applications and XML parsers. Recent statistics have shown a steep increase in XXE injections. But in spite of the fact, limited literature is available regarding this vulnerability. As XXE usually has a high-security impact on web applications, it is important to implement protective measures against XXE attacks. In this paper, we focus on XXE attack mitigation in various XML parsers. Firstly, we give a brief introduction to various XXE injection attacks and XML parsers. Then we test popular XML parsers for XXE injections. In addition to this, we suggest preventive measures for XML parsers in popular programming languages.

XML, XML External Entity Attack (XXE), XML Parsers, Billion Laugh Attack (BIL), Server Side Request Forgery (SSRF), Security Testing

"XML External Entity Attacks and Mitigation in XML Parsers", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN:2349-5162, Vol.8, Issue 5, page no.b255-b259, May-2021, Available :http://www.jetir.org/papers/JETIR2105163.pdf

"XML External Entity Attacks and Mitigation in XML Parsers", International Journal of Emerging Technologies and Innovative Research (www.jetir.org | UGC and issn Approved), ISSN:2349-5162, Vol.8, Issue 5, page no. ppb255-b259, May-2021, Available at : http://www.jetir.org/papers/JETIR2105163.pdf