[xmlsec] Security best practices

Aleksey Sanin aleksey at aleksey.com
Thu Jan 15 08:21:06 PST 2015

It's a very good question. Checkout this writeup (if you haven't
seen it already):



On 1/15/15 5:48 AM, Alex Boese wrote:
> Any advice for best practices against security attacks on xml signatures? I've heard a little bit about namespace attacks, xml bombs (million lol attack), and wrapper attacks. There are probably many others I am missing. Is there a set of rules (outside of the w3 standards already in place) that you adhere to? What about inherent weaknesses of the cannonicalization process?
> -A
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list