xml-serialization-security
OfficialEnsure safe XML parsing and deserialization to prevent security vulnerabilities.
AuthorRedHatProductSecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses the security risks associated with parsing XML and serialized data, including XXE, entity expansion attacks, and unsafe deserialization.
Core Features & Use Cases
- Parser Hardening: Implements configuration best practices across Java, .NET, and Python to disable DTDs, external entities, and network access during XML processing.
- Secure Transformation: Guides secure usage of XSLT transformers by restricting external resource loading.
- Safe Deserialization: Recommends strategies and code snippets to avoid unsafe native deserialization methods like pickle, unserialize, and BinaryFormatter, favoring safer alternatives.
- Use Case: Enhance the security posture of an application that imports external XML feeds or deserializes user input, preventing server-side XML attacks and data exfiltration.
Quick Start
Apply parser configurations that disable external entities and enforce strict validation when processing XML data to prevent XXE attacks.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: xml-serialization-security Download link: https://github.com/RedHatProductSecurity/prodsec-skills/archive/main.zip#xml-serialization-security Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.