# XXE Prevention (OWASP A04)

Prevent XML External Entity attacks by safely configuring XML parsers and validating XML input.

## When to Use

- Parsing user-supplied XML
- Processing SOAP/WSDL services
- Handling SVG file uploads
- Working with Office documents (DOCX, XLSX)
- Implementing XML-based APIs
- Processing RSS/Atom feeds

## Attack Types

| Attack | Impact | Description |
|--------|--------|-------------|
| File Disclosure | HIGH | Read local files (/etc/passwd) |
| SSRF | HIGH | Access internal services |
| DoS (Billion Laughs) | HIGH | Memory exhaustion |
| Port Scanning | MEDIUM | Probe inte…