Would you expect Burp Suite to flag this as XXE when all that was required was changing the Content-Type to application/xml and supplying an XXE in the POST?
POST /endpoint
Content-Type: application/json
{"lol":"lol"}
I had never understood DOM-based XSS this well ever before. This resource is giving me a lot of new info and I can feel my concepts becoming clearer. Thanks @OWASP_WebGoat. #appsec #security #xss #dom
Today we will host a security workshop with WebGoat at #DevoxxPL. For all the participants: please follow the instructions on https://t.co/nq3rSYfFfe in order to get everything up and running.
Giving a WebGoat workshop at DevOpsCon (@devops_con) with special thanks to @jdriven_nl for letting us host it on a powerful VM instance on Google Cloud
Tried to give a little love to @zaproxy last night too. There's even a lesson featuring ZAP (Great Tool) to be included in v. 8 of WebGoat https://t.co/cS4hsjK8tj