Entries by Rotem Tsadok

XXE Attacking Guide

Many different client technologies, such as web, mobile, cloud and more, send messages to business applications using XML. In order for the application to work with these self-descriptive XML messages, it has to parse them and check that the format is correct. This article will describe the XML External Entity (XXE) injection attack and its […]

Formula injection

About Formula Injection
Almost every website today provides social, financial or informative details to internet users. Websites that contain sensitive data about users, such as banks, social networks and online stores, restrict access to private data by using access-control measures such as authentication, authorization, encryption mechanisms and more. However, hackers are still able […]