An XML bomb is a small but dangerous message that is composed and sent with the intent of overwhelming the program that parses XML files. When the XML parser tries to process an XML bomb, the data feeds on itself and grows exponentially. This can shut down a Web site or ISP (Internet service provider) and is one of many methods used by hackers to carry out denial-of-service attacks.

XML, a formal recommendation from the W3C (World Wide Web Consortium), is similar to the language of today's Web pages, HTML (Hypertext Markup Language). An XML file can be displayed like an HTML file or processed as data by a program. An XML bomb takes advantage of the latter of these features to cause a "data explosion," hence the expression "bomb."
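The growth described above can be measured before a document ever reaches the parser. The following is an added example, not part of the original entry; it assumes the common form of XML bomb built from nested internal entity declarations, and the names `check_document`, `expanded_size` and `EntityBudgetExceeded`, the budget and the sample are constructed for illustration.

```python
import re

# Internal general entity declarations only: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.\-]+);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}
MAX_DEPTH = 32  # nesting limit, an arbitrary choice for this example

# Constructed sample: four small nested entities (a toy, expands to 128 chars).
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;">
]>
<r>&d;</r>"""

class EntityBudgetExceeded(ValueError):
    """Raised when a document would expand past the allowed size."""

def expanded_size(text, entities, budget, memo, stack=()):
    """Size of `text` after entity expansion, computed without expanding it."""
    if len(stack) > MAX_DEPTH:
        raise EntityBudgetExceeded("entity nesting too deep")
    total, pos = 0, 0
    for ref in ENTITY_REF.finditer(text):
        total += ref.start() - pos          # literal text before the reference
        pos, name = ref.end(), ref.group(1)
        if name in stack:
            raise EntityBudgetExceeded(f"recursive entity: {name}")
        if name in PREDEFINED:
            total += 1
        elif name not in entities:
            total += len(ref.group(0))      # undeclared: count it as written
        else:
            if name not in memo:
                memo[name] = expanded_size(entities[name], entities, budget, memo, stack + (name,))
            total += memo[name]
        if total > budget:
            raise EntityBudgetExceeded(f"expansion exceeds {budget} characters")
    return total + len(text) - pos

def check_document(xml_text, budget=1_000_000):
    """Return the expanded size of the document body, or raise if over budget."""
    entities = {m.group(1): m.group(3) for m in ENTITY_DECL.finditer(xml_text)}
    end = xml_text.find("]>")               # end of the internal DTD subset
    body = xml_text[end + 2:] if end != -1 else xml_text
    return expanded_size(body, entities, budget, {})
```

This check does not cover parameter or external entities; a parser configured to refuse DTDs or entity expansion altogether (for Python, the `defusedxml` package) is the stronger control.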

This was last updated in July 2006

