You're reading from ASP.NET Core 5 Secure Coding Cookbook Practical recipes for tackling vulnerabilities in your ASP.NET web applications

Product type Paperback

Published in Jul 2021

Publisher Packt

ISBN-13 9781801071567

Length 324 pages

Edition 1st Edition

Languages

Tools

.NET Core

Concepts

Web Programming

Author (1):

Roman Canlas

View More author details

Table of Contents (15) Chapters

Preface

1. Chapter 1: Secure Coding Fundamentals

2. Chapter 2: Injection Flaws FREE CHAPTER

3. Chapter 3: Broken Authentication

4. Chapter 4: Sensitive Data Exposure

5. Chapter 5: XML External Entities

6. Chapter 6: Broken Access Control

7. Chapter 7: Security Misconfiguration

8. Chapter 8: Cross-Site Scripting

9. Chapter 9: Insecure Deserialization

10. Chapter 10: Using Components with Known Vulnerabilities

11. Chapter 11: Insufficient Logging and Monitoring

12. Chapter 12: Miscellaneous Vulnerabilities

13. Chapter 13: Best Practices

14. Other Books You May Enjoy

Fixing XXE injection with XmlTextReader

Similar to XmlDocument, another fast, non-cached, forward-only parser to XML option is XmlTextReader. A major drawback of this high-performance parser is its lack of data validation. XmlTextReader also allows you to process DTDs by default, which can be a concern if your XML sources are untrusted.

This recipe will show you how to disable DTD processing with XmlTextReader.

Getting ready

Using Visual Studio Code, open the sample Online Banking app folder at \Chapter05\xxe-injection02\before\OnlineBankingApp\.

How to do it…

Let's take a look at the steps for this recipe:

From the starting exercise folder, launch Visual Studio Code by typing the following command:
```
code .
```
Open the Services\KnowledgebaseService.cs file. This version of the OnlineBankingApp sample solution is using XmlTextReader to parse the Knowledgebase.xml file:
```
XmlTextReader xmlReader = new XmlTextReader(file);
xmlReader.DtdProcessing = DtdProcessing...
```