Class 13 Notes for XML

Learning Objectives:

You will be able to identify potential security threats to XML documents.

Homework:

Review: W3C Security

XML Security Review:

An XML Document is text only and by itself is not a security threat.

XML poses a threat when you couple it with the HTTPRequest which allows you to get around firewalls!

XSS (Cross Site Scripting) is the most dangerous for sites that use AJAX. Wikipedia has a great example of the problem of Cross Site Scripting.

The W3C has an XML Security Working Group that meets to identify security threats. The link is to a XML Security Presentation.

Review: The Best computer security you can have is common sense!

Create Strong Passwords for your connections and make sure to encrypt passwords.

Use a firewalls on your network and server.

Update your Server's Operating System with the latest patches
and use virus protection.

 

Work on Final

Topics Covered:

Security in the News:

Richard Clark & I agree on Cyber Security

Heart Bleed Open SSL Bug

US Government Cyber Crime will keep you up to date on the latest security issues.

How to hack a website informational sites in numerous locations.

 

Existing Tools/Technologies to secure transfer of XML documents

• Secure Sockets Layer (SSL) SSL explained
  
  
• Transport Layer Security (TLS)
  
  
• Pretty Good Privacy (PGP)
  

 

Terms:

Digital Certificates, Encryption, Canonicalization, XSS (Cross Site Scripting)