Risk
A4:2017 – XML External Entities (XXE) of the OWASP Top 10 Application Security Risks – 2017 states that “Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.”
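The mitigation for this class of issue is to stop the XML processor from accepting DTDs at all, since external entities can only be declared inside one. The following is an added example, not code from the original page: a Python standard-library wrapper that refuses any document containing a DOCTYPE before it is handed to the normal parser. The names parse_untrusted and ForbiddenXML and the sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The document carries a DTD, so it could declare external entities."""


def _refuse_doctype(name, system_id, public_id, has_internal_subset):
    # expat calls this as soon as it reaches <!DOCTYPE ...>, before any
    # entity declared inside the DTD can be referenced in the document body.
    raise ForbiddenXML(f"DOCTYPE declaration not allowed (root name {name!r})")


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing any document with a DTD."""
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _refuse_doctype
    checker.Parse(data, True)      # raises ForbiddenXML or expat.ExpatError
    return ET.fromstring(data)     # reached only for DTD-free, well-formed input


def verdict(data: bytes) -> str:
    """Return 'accepted' or 'rejected' for logging or alerting."""
    try:
        parse_untrusted(data)
        return "accepted"
    except ForbiddenXML:
        return "rejected"


# Constructed sample inputs (not from the original page).
SAFE_DOC = b"<order><item>widget</item></order>"
DTD_DOC = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/path">]>\n'
    b"<order><item>&ext;</item></order>"
)

if __name__ == "__main__":
    for label, doc in (("plain document", SAFE_DOC), ("document with DTD", DTD_DOC)):
        print(f"{label}: {verdict(doc)}")
```

Malformed input still raises expat.ExpatError from the first pass, so callers should treat that as a rejection as well.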
What is the OWASP Top 10 2017?
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications, and it is globally recognized by developers as the first step towards more secure coding.
Reference: