Which attack class targets weaknesses in the XML parser to cause DoS or logical errors in web service processing?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which attack class targets weaknesses in the XML parser to cause DoS or logical errors in web service processing?

Explanation:
Attacks that exploit how web services parse XML focus on the parsing stage itself. Web services often rely on XML to structure requests (for example, SOAP envelopes). If the XML parser has weaknesses, an attacker can craft input that forces the parser to consume excessive resources or misinterpret data, causing denial of service or logic errors during processing. Classic examples include XML bombs, which use recursive entity expansion to blow up memory and CPU usage, and XXE (XML External Entity) attacks, where external entities cause the server to read local files or access internal resources. The attacker’s aim is to disrupt or corrupt the service as it parses the XML, before any business logic executes. This is precisely what Web Services Parsing Attacks describe, making it the best fit for the scenario. Defenses include disabling problematic features like DTDs, limiting entity expansion and document size, and using secure or streaming XML parsers to mitigate these risks.

