this post was submitted on 04 Jul 2023
6 points (100.0% liked)

appsec

365 readers
1 users here now

A community for all things related to application security.

founded 2 years ago
MODERATORS
laszlok
6
XML Security in Java (semgrep.dev)
submitted 2 years ago by N7x to c/appsec
5 comments fedilink hide all child comments
top 5 comments
sorted by: hot top controversial new old
[–] himazawa 2 points 2 years ago* (last edited 2 years ago) (1 children)

Most of the vulnerabilities in SAML are derived by the fact that XML it’s always a nightmare to parse… I wonder why people keep using it.

[–] N7x 2 points 2 years ago (1 children)

Historical decisions seem to be the most common reasons

[–] himazawa 1 points 2 years ago (2 children)

Yes, but usually “historical decisions” is an acronym for “we are not able to manage that because we designed our systems in the worst possible way”

[–] Zeno_of_Citium 2 points 2 years ago

… and those decisions are sometimes rooted in "we don't have the people and/or money to spend on a new development in this module."

And everyone else is stuck either accepting that or spending the resources to ameliorate the situation. :/

[–] N7x 1 points 2 years ago

Definitely