Enterprises
Individuals
Enterprises
Individuals
Menu
Menu
Sign in
Product
Solutions
Pricing
Resources
Learn
Hands-on Labs
Courses
Learning Journeys
Challenges
Cloud Sandboxes
Playgrounds
Measure
Assessments
Tournaments
Certifications
Reports
Capabilities
Integrations
Languages
SCORM & LTI
SSO & SCIM
Our Learning Platform
Get Started Today
Book a demo
Get free trial
Contact us
Industries
Manufacturing
Government
Finance
Technology
Healthcare
Defense
Retail
Teams
C-suite
Security Teams
Engineering Teams
For L&D
We’ll help you
Achieve ROI
Achieve Compliance
Reduce Risk
Measurable Increase in Skills
Grow with us
Partner Program
Instructor Led Training
Success Stories
View all
View Enterprise Plans
Resources
E-books
Case studies
Webinars
Blog
Support
AppSecEngineer 101 Guide
Help Center
Discord
Teams
For C-suite
For Engineering Teams
For Product Teams
For L&D
Knowledge Base
What’s New
View all
3 High-Stakes Security Decisions You Can’t Ignore in 2025
The 2025 Cybersecurity and Compliance Playbook
X
X
X
Enterprises
Individuals
Enterprises
Individuals
Sign in
Menu
Menu
Training for
Library
Platform
Pricing
Resources
Knowledge Base
End-of-Year Special: Blow that Budget Sale! More seats, bigger savings.

What is XML External Entities (XXE)?

PUBLISHED:
February 21, 2022
|
BY:
Abhay Bhargav
Ideal for
Developer
Security Engineer
Pentester

Security Engineer Interview Questions - What is XML External Entities (XXE)?

Never be caught tongue-tied in an Application Security Engineer Interview. In this video Abhay Bhargav explores the popular Security Engineer Interview question from Glassdoor and Indeed "What is XXE?"

#XXE is a key vulnerability in OWASP (Open Web Application Security Project) Top 10 and is a serious vulnerability that can have devastating impacts against your Web Application or Web Service. XXE can result in Local-File Include, Remote File Include, Remote Code Execution, Server-Side Request Forgery or #SSRF and Denial of Service.

Abhay explores XXE in the form of an offensive and defensive demo directly from AppSecEngineer's Learning Path "Application Security"

Latest

3 High-Stakes Security Decisions You Can’t Ignore in 2025
The 2025 Cybersecurity and Compliance Playbook
Top Cybersecurity Experts Raising the Bar for Security in 2024
The Top Cloud Security Roles You Can't Afford to Ignore
Technology to Make Compliance Easier and More Efficient
How to Protect Your Organization from AI Threats Using Role-Based Security Training
Are Your Management Practices Pushing Your Security Team to the Brink?
Protect Your Business By Strengthening API Security
How to Successfully Implement Shift-Left Security for Your Organization
Understanding SOC 2 Compliance: A Complete Guide
View all blogs
View all blogs

Abhay Bhargav

Blog Author
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA. He loves golf (don't get him started).

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Our Newsletter
Get Started
X
X
FOLLOW APPSECENGINEER
CONTACT

help@appsecengineer.com

United States
11166 Fairfax Boulevard, 500, Fairfax, VA 22030

APAC
68 Circular Road, #02-01, 049422, Singapore

SOC2 Type2 Compliant
4.3
Copyright AppSecEngineer © 2023
QUICK LINKS
Sign InSign UpPrivacy PolicyKnowledge Base
E-BOOKS
Beginner's Guide to
a Career in AppSecTrain your Teams to Fly
FOLLOW APPSECENGINEER
CONTACT


help@appsecengineer.com

United States
11166 Fairfax Boulevard, 500, Fairfax, VA 22030

APAC
68 Circular Road, #02-01, 049422, Singapore

SOC2 Type2 Compliant
4.3
Copyright AppSecEngineer © 2025