Aspire     Web App Vulnerability Analyst     Web App Vulnerability Analyst Track 1: OWASP Top 10 Mitigations

---

Extensible Markup Language uses tags to describe data and has become the standard information exchange format between dissimilar systems. Many applications use XML to share and manage data. In this course, you'll begin with an XML overview, including document type definitions and how XML differs from HTML. Next, you’ll learn what XML external entity attacks are. Moving on, you'll examine how the OWASP ZAP tool can scan a vulnerable web application and identify weaknesses. Next, you'll explore how to scan a web app for XXE vulnerabilities and execute an XXE attack. Lastly, you'll learn how to mitigate XXE attacks.

---

---

Objectives
OWASP Top 10: A4 - XML External Entities discover the key concepts covered in this course identify how Extensible Markup Language (XML) is used to describe data list various ways that XML attacks can be executed scan a web application for XML vulnerabilities execute an XML external entity attack describe how to mitigate XXE attacks summarize the key concepts covered in this course