Abstract:
The Extensible Markup Language (XML) is a widely used data format for storing and exchanging structured data. Because XML data is frequently used in critical applications, it is crucial to ensure its security [42]. This thesis explores the importance of XML security by focusing on well-known attacks such as the Billion Laughs, XML External Entity, and URL Invocation attacks, and by developing a framework to investigate the security of XML parsers. Although the XML External Entity attack was discovered in 2002, this vulnerability still resurfaces. The thesis also analyzes the progression of security in XML parsers by including different versions of XML parsers in the framework.