I strongly recommend this hilarious, terrifying PyCon talk about
vulnerabilities in yaml, xml, and json processing:
https://www.youtube.com/watch?v=kjZHjvrAS74
If you process user-submitted data in these formats and don't yet know why
you should be flatly terrified, please watch this ASAP; it's illuminating.
If you *do* know why you should be terrified, watch it anyway and giggle
along in knowing recognition, because the talk is really very funny.
--
Andromeda Yelton
Board of Directors, Library & Information Technology Association:
http://www.lita.org
http://andromedayelton.com
@ThatAndromeda <http://twitter.com/ThatAndromeda>
|