[xmlsec] Security best practices
alexanderashleyboese at gmail.com
Thu Jan 15 05:48:29 PST 2015
Any advice for best practices against security attacks on xml signatures? I've heard a little bit about namespace attacks, xml bombs (million lol attack), and wrapper attacks. There are probably many others I am missing. Is there a set of rules (outside of the w3 standards already in place) that you adhere to? What about inherent weaknesses of the cannonicalization process?
More information about the xmlsec