The SOAP Effect: Breaking Security Assumptions in Real-World Systems
Kamalpreet Khurana
Nullcon Goa 2026 · Day 1
In a compelling presentation at Nullcon, Kamalpreet Khurana, a Senior Offensive Security Researcher at Adobe, shed light on the enduring security risks associated with the **Simple Object Access Protocol (SOAP)**. Despite often being perceived as an antiquated technology, SOAP remains the backbone of countless critical enterprise systems worldwide, silently powering essential services like billing, licensing, and document processing. Khurana's talk, "The SOAP Effect: Breaking Security Assumptions in Real-World Systems," served as a stark reminder that legacy technologies, when mishandled or misunderstood, continue to expose significant attack surfaces.
AI review
Competent XXE-on-SOAP talk with a real zero-day discovery at the core, but the content reads more like an extended tutorial than a research paper. The five-attempt exploitation walkthrough is the strongest section; everything else is textbook material that any developer who's read the OWASP XXE cheatsheet already knows.