rspec/rules/S6377/common/impacts/injection.adoc

=== Risk of Injection Attacks

Disabling secure validation can expose the application to injection attacks.
Attackers can inject malicious code or entities into the XML document, taking
advantage of the weakened validation process. In some cases, it can also expose
the application to denial-of-service attacks. Attackers can exploit
vulnerabilities in the validation process to cause excessive resource
consumption or system crashes, leading to service unavailability or disruption.
Create rule S6377: XML signature should be verified securely (Python) (APPSEC-1588) (#3763) 2024-03-18 17:11:22 +01:00			`=== Risk of Injection Attacks`

Modify rule S6377: Clarify C# compliant code sample (APPSEC-1731) (#4451) 2024-10-30 14:42:45 +01:00			`Disabling secure validation can expose the application to injection attacks.`
			`Attackers can inject malicious code or entities into the XML document, taking`
			`advantage of the weakened validation process. In some cases, it can also expose`
			`the application to denial-of-service attacks. Attackers can exploit`
			`vulnerabilities in the validation process to cause excessive resource`
			`consumption or system crashes, leading to service unavailability or disruption.`