diff --git a/src/main/java/org/cyclonedx/parsers/XmlParser.java b/src/main/java/org/cyclonedx/parsers/XmlParser.java
index 119e5fd697..815796709a 100644
--- a/src/main/java/org/cyclonedx/parsers/XmlParser.java
+++ b/src/main/java/org/cyclonedx/parsers/XmlParser.java
@@ -335,10 +335,14 @@ private void extractNamespaces(Node node, List namespaces) {
 private Document createSecureDocument(InputSource in) throws ParserConfigurationException, IOException, SAXException {
 //https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression
- DocumentBuilderFactory df = DocumentBuilderFactory.newInstance();
+ final DocumentBuilderFactory df = createDocumentBuilderFactory();
 df.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
 df.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
- DocumentBuilder builder = df.newDocumentBuilder();
+ final DocumentBuilder builder = df.newDocumentBuilder();
 return builder.parse(in);
 }
+
+ protected DocumentBuilderFactory createDocumentBuilderFactory() {
+ return DocumentBuilderFactory.newInstance();
+ }
 }
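Review bot: The XXE hardening in `createSecureDocument` now rests on whatever factory a subclass returns from the new protected `createDocumentBuilderFactory()`, and the only protections applied to it are the two JAXP 1.5 `setAttribute` calls. `DocumentBuilderFactory.setAttribute` is documented to throw `IllegalArgumentException` when the underlying implementation does not recognise the attribute, so an override that swaps the parser implementation will either fail here or have to work around these lines, and nothing else in the method limits DOCTYPE or entity handling. Consider adding implementation-independent hardening right after the factory is obtained, for example `df.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` plus `df.setXIncludeAware(false);` and `df.setExpandEntityReferences(false);`, assuming BOM input never legitimately carries a DOCTYPE. The new method also needs Javadoc stating its contract, along the lines of `/** Returns a fresh factory; createSecureDocument applies the external-access restrictions, so overrides must not return a shared or pre-relaxed instance. */`. Callers of `createSecureDocument` and the rest of the class lie outside the hunk.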