In the talk, I cover XML vulnerabilities related to the Xerces parser and explain how techniques such as CDATA smuggling can be used to smuggle malicious content through XML interfaces. I present an example of one such interface that allows CDATA-masked XML through to a cloud SaaS provider.
If you're at RSA, give me a shout!