XAVIER: Grammar-Based Testing for XML Injection Attacks

Web services are essential for online interactions, supporting critical tasks like banking and shopping, but their importance also makes them prime targets for attacks. Attackers try to manipulate data injecting malicious code, potentially compromising systems. Current approaches to preventing such attacks use techniques like attack grammars, symbolic execution, or machine learning to detect vulnerabilities or manually embed malicious payloads, that can miss parts of the service under test.