Viewing 0 current events matching “xml” by Event Name.

Sort By: Date Event Name, Location , Default
No events were found.

Viewing 8 past events matching “xml” by Event Name.

Sort By: Date Event Name, Location , Default
Tuesday
Jul 22, 2014
OWASP Chapter Meeting
New Relic

Tim Morgan will be presenting: What You Didn't Know About XML External Entities Attacks

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. Certain features built into the design of XML, namely inline schemas and document type definitions (DTDs) are a well-known source of potential security problems. Despite being a publicly discussed for more than a decade, a significant percentage of software using XML remains vulnerable to malicious schemas and DTDs. This talk will describe a collection of techniques for exploiting XML external entities (XXE) vulnerabilities, some of which we believe are novel. These techniques can allow for more convenient file content theft, sending of arbitrary data to arbitrary internal TCP services, uploads of arbitrary files to known locations on a vulnerable system, as well as several possible denial of service attacks. We hope this talk will raise awareness about the overall risk associated with XXE attacks and will provide recommendations that developers and XML library implementors can use to help prevent these attacks.

Tim Morgan is credited with the discovery and responsible disclosure of several security vulnerabilities in commercial off-the-shelf and open source software including: IBM Tivoli Access Manager, Real Networks Real Player, Sun Java Runtime Environment, Google Chrome Web Browser, OpenOffice, and Oracle WebLogic Application Server. Tim develops and maintains several open source forensics tools as well as Bletchley, an application cryptanalysis tool kit. Tim regularly speaks and delivers technical training courses, his next of which will be on cryptography for developers at AppSecUSA 2014.


The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. To sign up for future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland


Meetings are free and open to the public.

Website
Wednesday
Aug 14, 2019
PDX DITA Meetup and Presentation
AppNexus 711 SW Alder Street Suite 400 Portland, OR 97205

At our quarterly meetup for DITA XML users, we'll be welcoming Josh Johnson of MapR Technologies, who will be speaking about "The Doc Pipeline: The Awkward Teenage Years." Josh is a DITA tools developer with 15+ years experience enabling tech doc and content management teams to provide state-of-the art content creation and delivery. Ask him your questions about how he's supported doc teams in evolving their DITA implementations from simply up-and-running builds to highly efficient systems that support key performance goals.

--Meetup from 6:30-8:00 PM on 8/14, with the talk beginning at 7:00.

--There will be food, and drinks in moderation!

--Please RSVP to [email protected] if you plan to come in person--or if you'd like a call-in option. We always plan veg options, but can handle other requests with advance notice. Hope to see you there!

Wednesday
Mar 6, 2019
PDX DITA User Group Meetup
AppNexus 711 SW Alder Street Suite 400 Portland, OR 97205

For users of DITA XML, the open-source authoring specification. The PDX DITA User's Group has been meeting for the last 7+ years.

We're holding an unprogrammed meetup for DITA practitioners, students, and the DITA-curious at the AppNexus offices near Pioneer Square. Come discuss current projects and future ideas over drinks and snacks.

Website
Wednesday
Jun 12, 2013
PDX DITA User's Group
Jive Software

Quarterly meetup of DITA XML users in the Greater Portland area. Free beer and food, geeky chitchat, discussion of DITA best practices and travails. Newbies to experts welcome. Please join us!

The Darwin Information Typing Architecture (DITA) is an XML data model for authoring and, with the DITA Open Toolkit, publishing. http://en.wikipedia.org/wiki/Darwin_Information_Typing_Architecture

Website
Thursday
Jan 12, 2012
PDX DITA User's Group Meeting
Jive Software

So far, we have been a small group of local DITA users with intermediate to advanced experience. We hope you’ll join us!

Website
Wednesday
Jun 13, 2012
PDX DITA User's Group Meeting
Jive Software

So far, we have been a small group of local DITA users with intermediate to advanced experience. We hope you’ll join us!

Website
Thursday
Oct 13, 2011
Portland Perl Mongers -- Shebangml: a markup language with bacon
Free Geek

speaker: Eric Wilhelm

Shebangml is a markup language which saves programmers from gouging their eyes out on pointy angle brackets.

Most pointy ML data (SGML/XML/XHTML/HTML) can be translated to and from this human-readable, bacony syntax. This allows modern programmers to interface with legacy software such as WWW browsers and other relics like "Enterprise Java Software". But the true power of shebangml lies in the '#!' (hash-bang/shebang) and its programmable templating features. Unlike most "don't make me write HTML" generators and markup replacements, hbml preserves the good parts of the quoting constructs and attributes+content nature of XML. This makes it not only a fine replacement for obsolete markup languages, but also an ideal foundation for new dialects and applications. The pluggable syntax and interpreter allow you to define static or dynamically loadable constructs, which allows your application to balance convenience features with security issues using clear separations.

This presentation will cover the Shebangml syntax, the basics of the parser/interpreter module, the extensions API, and two real-world applications (the FreeTUIT declarative GUI toolkit and the presentation generator Text::Slidez.)

As usual, the meeting will be followed by social hour at the Lucky Lab.

Website
Wednesday
Mar 10, 2010
Portland Perl Mongers -- XML with Xtra X
Free Geek

How to learn to parse huge XML documents by doing it wrong for 5 years speaker: Tyler Riddle

When XML documents can't fit into memory the vast majority of solutions available on CPAN are no longer available to you; when the XML documents are so large they take up to 16 hours to process with the standard tools for handling large documents your hands are tied even more. Tyler will cover his learning experiences creating the Parse::MediaWikiDump and MediaWiki::DumpFile modules which are made to handle the 24 gigabyte English Wikipedia dump files in a reasonable time frame.

1) Real world benchmarks of C and perl libraries used to process huge

XML documents. 

2) The dirty little secret about XS and what it means for you in this

context. 

3) The evolution of the implementation of a nice interface around event

oriented (SAX style) XML parsing. 

4) Why XML::LibXML::Reader and XML::CompactTree are your friends and

how to tame them.

As always, the meeting will be followed by social hour at the Lucky Lab.

Website