• XML injection is an attack technique in which an attacker injects XML tags into a SOAP message to change the structure of the XML

Insecure Code

  • This code uses string concatenation to build an XML query but fails to validate the input, which allows an XML injection attack

Secure Code

  • In this code, the developer validates inputs against a defined set of digits (0-9)
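
The two patterns above, side by side, as an added example that is not code from the original page. The `<order>` fragment, the element names, the function names and the 10-digit length bound are assumptions made for illustration; the sample input is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Allowlist from the "Secure Code" bullet: digits 0-9 only.
# The 1-10 character length bound is an assumption added for this example.
DIGITS_ONLY = re.compile(r"[0-9]{1,10}")

# Hypothetical message body fragment used by both builders.
PREFIX = "<order><item>book</item><quantity>"
SUFFIX = "</quantity><price>20</price></order>"


def build_insecure(quantity):
    """String concatenation with no validation (the 'Insecure Code' pattern)."""
    return PREFIX + quantity + SUFFIX


def build_secure(quantity):
    """Reject anything that is not purely digits before it reaches the XML."""
    if not isinstance(quantity, str) or not DIGITS_ONLY.fullmatch(quantity):
        raise ValueError("quantity must contain only the digits 0-9")
    return PREFIX + quantity + SUFFIX


def child_tags(xml_text):
    """Return the tag names directly under the root, to expose the structure."""
    return [child.tag for child in ET.fromstring(xml_text)]


# Constructed sample input: closes <quantity> early and adds an extra element.
INJECTED = "1</quantity><extra>x</extra><quantity>1"

if __name__ == "__main__":
    print("expected :", child_tags(build_insecure("2")))
    print("injected :", child_tags(build_insecure(INJECTED)))
    try:
        build_secure(INJECTED)
    except ValueError as exc:
        print("rejected :", exc)
```

The validation runs before concatenation, so a rejected value never becomes part of the document. For fields that must accept free text, an allowlist of digits does not apply and the value has to be escaped or written through an XML API instead.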