Class 13 Notes for XML

Learning Objectives:

You will be able to identify potential security threats to XML documents.


Review: W3C Security

XML Security Review:

An XML Document is text only and by itself is not a security threat.

XML poses a threat when you couple it with the HTTPRequest which allows you to get around firewalls!

XSS (Cross Site Scripting) is the most dangerous for sites that use AJAX. Wikipedia has a great example of the problem of Cross Site Scripting.

The W3C has an XML Security Working Group that meets to identify security threats. The link is to a XML Security Presentation.

Review: The Best computer security you can have is common sense!

Create Strong Passwords for your connections and make sure to encrypt passwords.

Use a firewalls on your network and server.

Update your Server's Operating System with the latest patches
and use virus protection.


Work on Final

Topics Covered:

Security in the News:Security Flaw

Richard Clark & I agree on Cyber Security

Heart Bleed Open SSL Bug

US Government Cyber Crime will keep you up to date on the latest security issues.

How to hack a website informational sites in numerous locations.


Existing Tools/Technologies to secure transfer of XML documents

  • Secure Sockets Layer (SSL) SSL explained

  • Transport Layer Security (TLS)

  • Pretty Good Privacy (PGP)



Digital Certificates, Encryption, Canonicalization, XSS (Cross Site Scripting)



Dr. Jon Storslee
Phone: 602-787-6734

HTML Valid

Paradise Valley Community CollegeĀ 
18401 N. 32nd Street Phoenix, AZ 85032