[xmlsec] Security best practices

Alex Boese alexanderashleyboese at gmail.com
Thu Jan 15 05:48:29 PST 2015

Any advice for best practices against security attacks on xml signatures? I've heard a little bit about namespace attacks, xml bombs (million lol attack), and wrapper attacks. There are probably many others I am missing. Is there a set of rules (outside of the w3 standards already in place) that you adhere to? What about inherent weaknesses of the cannonicalization process?


More information about the xmlsec mailing list