How to disable DTD external entities in Oracle SOA Suite 12c

Piero Mestici

Checking the top 10 security risks in OWASP, I found XML External Entities (XXE).

One mitigation is:

Disable XML external entity and DTD processing in all XML parsers in the application, as per the OWASP Cheat Sheet ‘XXE Prevention’

I implemented several SOAP services based on XSD and XML, but I have no idea if the above vulnerability is present in my implementation.

How can I disable the XML EE on Oracle 12c SOA suite for BPEL web services?

Thanks in advance to all for participating in this discussion.

Regards Piero

P.S. Not sure this is the correct category; I could not find a better one except for the Japanese language one, but I do not know Japanese.