
XML Bomb

Definition - What does XML Bomb mean?

An XML bomb is a piece of XML that is syntactically valid and correct but can cause a program that compiles or runs it to crash or hang. An XML bomb can be used to test the security level of a server. Within an HTML document, XML is either parsed inline or referenced as an external file that is sent to a server. A server without adequate protection will typically crash under this attack.

Techopedia explains XML Bomb

An XML bomb is a small but dangerous piece of code that is written and sent with the intent of crashing the targeted server or program that tries to read and decode it. When an XML parser tries to process an XML bomb, the nested entities expand exponentially. This can shut down a server or ISP and leave it vulnerable to unauthorized access by hackers, which can pose a serious threat to data privacy. An XML bomb takes advantage of three properties of XML, namely entity substitution, nested entities and inline DTDs, to cause a "data explosion," hence the "bomb" in the name.
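The exponential growth described above can be measured before a document ever reaches the parser. The following Python check is an added example, not code from the original page: it reads the internal entity declarations of an inline DTD and computes how large each entity would become after substitution, without building the expanded text. The function names, the size limit and the sample documents are assumptions constructed for illustration.

```python
import re

# Internal general entity declarations in an inline DTD: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character

def expanded_sizes(xml_text):
    """Map each declared entity to its length after full substitution."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(xml_text):
        decls.setdefault(name, value)  # in XML the first declaration wins
    sizes = {}

    def size_of(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError("recursive entity: " + name)
        value, total, pos = decls[name], 0, 0
        for m in ENTITY_REF.finditer(value):
            total += m.start() - pos            # literal text before the reference
            ref = m.group(1)
            if ref in PREDEFINED:
                total += 1
            elif ref in decls:
                total += size_of(ref, stack | {name})  # nested entity
            else:
                total += len(m.group(0))        # undeclared: count as written
            pos = m.end()
        sizes[name] = total + len(value) - pos
        return sizes[name]

    for name in decls:
        size_of(name, frozenset())
    return sizes

def is_entity_bomb(xml_text, max_expanded=1_000_000):
    """True if any entity would expand past the limit, or nesting is abusive."""
    try:
        return any(s > max_expanded for s in expanded_sizes(xml_text).values())
    except (ValueError, RecursionError):
        return True  # self-referencing or extremely deep entity chains

# Constructed sample: three levels of nesting, four references per level.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE d [
  <!ENTITY a "ab">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;">
]>
<d>&d;</d>"""
BENIGN = '<!DOCTYPE d [ <!ENTITY co "Example Corp"> ]><d>&co;</d>'
```

Each nesting level multiplies the size by the number of references it contains, which is why a few short declarations are enough to exhaust memory. The check only covers nested internal entities; configuring the parser to reject inline DTDs or to cap entity expansion remains the primary control.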
