Tuesday, February 23, 2010

Speaking at the RSA 2010 Conference about XML - the soft underbelly of the Cloud

Next week at the RSA Conference in San Francisco I am speaking about XML security, a topic which has renewed importance because XML is used as the basis for so many Cloud interfaces.

In the talk, I cover XML vulnerabilities related to the Xerces parser, and also explain how techniques such as CDATA smuggling can be used to get malicious content through XML interfaces. I present an example of one such interface which allows CDATA-masked XML through to a Cloud SaaS provider.

If you're at RSA, give me a shout!

2 comments:

Vaibhav said...

Hey,

I enjoyed reading your blog. Nice posts.
Just out of curiosity's sake, would it be possible for you to post what it would take to create an XML gateway (the general architecture)?
Or you could reply here as well.

Mark O'Neill said...

Vaibhav - you can find tons of XML Gateway information starting here: http://www.vordel.com/products/vx_gateway/