A4: 2017 – XML External Entities (XXE)

XML is a very good way to store and to organize data, and XXE vulnerability takes advantage of XML parsers not data itself. It works like every other injection, but has its own features. Overall in my opinion, it’s little more complex than any other injection around.

a4_03

Continue reading “A4: 2017 – XML External Entities (XXE)”

What is CISSP, how to get it, not to lose and why nobody needs it

So
It is an exaggeration to say that my road to CISSP began when I decided to study Cyber Security at my local University.  People at the age of 17 are generally very bad at planning their lives, especially when it comes to some new professions.

In fact, the decision to obtain CISSP was taken in 2017, when it became obvious that professional certificates of major vendors have finally ceased to fulfill their main function – to confirm the knowledge and experience of specialists. I have no idea whom to blame – online collections of dumps, the general level of questions in the tests, unscrupulous test centers and a lot of other factors.

Continue reading “What is CISSP, how to get it, not to lose and why nobody needs it”