Enterprises
Individuals
Enterprises
Individuals
Menu
Menu
Sign in
Product
Solutions
Pricing
Resources
Learn
Hands-on Labs
Courses
Learning Journeys
Challenges
Cloud Sandboxes
Playgrounds
Measure
Assessments
Tournaments
Certifications
Reports
Capabilities
Integrations
Languages
SCORM & LTI
SSO & SCIM
Our Learning Platform
Get Started Today
Book a demo
Get free trial
Contact us
Industries
Manufacturing
Government
Finance
Technology
Healthcare
Defense
Retail
Teams
C-suite
Security Teams
Engineering Teams
For L&D
We’ll help you
Achieve ROI
Achieve Compliance
Reduce Risk
Measurable Increase in Skills
Grow with us
Partner Program
Instructor Led Training
Success Stories
View all
Mortgage Enterprise Partners with AppSecEngineer for Security
Driving Business Growth with Product Security Training
View Enterprise Plans
Resources
Blog
E-books
Case studies
Webinars
Knowledge Base
Discord
Teams
For C-suite
For Engineering Teams
For Product Teams
For L&D
Knowledge Base
What’s New
View all
Top 5 reasons of LLM security failure
How to Create a Secure Code Training Plan For Your Product Team
Events
View all
LLM Secure Coding - The Unexplored Frontier
Role-based IT Security Training: Can it suck less?
X
X
X
Enterprises
Individuals
Enterprises
Individuals
Sign in
Menu
Menu
Training for
Library
Platform
Pricing
Resources
Developer
Learn to code securely in 7+ popular languages
Pentester
Master offensive security while learning defensive techniques
Cloud Engineer
Train for the most sought-after security skills in tech
DevOps
Speed up security processes, achieve faster releases
Security Architect
Design software to be secure from the ground up
Security Engineer
Learn to secure any tech stack with purple team security
Security Champion
Bring game-changing security initiatives to your team
Browse all courses
Course Collection
DevSecOps Collection
AWS Security Collection
Kubernetes & Containers Security Collection
Secure Coding Collection
Azure Security Collection
AI & LLM Security Learning Path and Collection
Threat Modeling Collection
GCP Security Collection
Browse all learning paths
Overview
Get a bird's eye of our platform and take your InfoSec training to the next level
Learning Paths
Specialize in any of the 10 domains of security that best suits your needs
DevSecOps Certification
Become a highly sought-after DevSecOps pro
Cloud Sandboxes
Try out all those new skills in a risk-free environment, all on your browser
Hands-on Labs
Learn by doing, with over 800 Hands-on labs
Challenges
Put all those awesome new skills to the test with challenges in Kubernetes, AWS & AppSec
Playgrounds
Spin up secure playgrounds in just a few clicks and work in real world security scenarios
View Individuals Plans
E-books
View all
The Zero Trust Security Handbook
Building Security Champions
What’s New
View all
Top 5 reasons of LLM security failure
How to Create a Secure Code Training Plan For Your Product Team
Events
View all
LLM Secure Coding - The Unexplored Frontier
Role-based IT Security Training: Can it suck less?
Knowledge Base
Love is in the air — Enjoy 20% off on all Individual annual plans with coupon ‘CUPIDCODE20’.

What is XML External Entities (XXE)?

PUBLISHED:
February 21, 2022
|
BY:
Abhay Bhargav
Ideal for
Developer
Security Engineer
Pentester

Security Engineer Interview Questions - What is XML External Entities (XXE)?

Never be caught tongue-tied in an Application Security Engineer Interview. In this video Abhay Bhargav explores the popular Security Engineer Interview question from Glassdoor and Indeed "What is XXE?"

#XXE is a key vulnerability in OWASP (Open Web Application Security Project) Top 10 and is a serious vulnerability that can have devastating impacts against your Web Application or Web Service. XXE can result in Local-File Include, Remote File Include, Remote Code Execution, Server-Side Request Forgery or #SSRF and Denial of Service.

Abhay explores XXE in the form of an offensive and defensive demo directly from AppSecEngineer's Learning Path "Application Security"

Latest

Top 5 reasons of LLM security failure
How to Create a Secure Code Training Plan For Your Product Team
What’s New in the 2025 OWASP Top 10 for LLMs
The No-Nonsense Guide to Securing Your E-commerce Business Today
3 High-Stakes Security Decisions You Can’t Ignore in 2025
The 2025 Cybersecurity and Compliance Playbook
Top Cybersecurity Experts Raising the Bar for Security in 2024
The Top Cloud Security Roles You Can't Afford to Ignore
Technology to Make Compliance Easier and More Efficient
Ninja-Level Security with Unit Testing and TDD
View all blogs
View all blogs

Abhay Bhargav

Blog Author
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA. He loves golf (don't get him started).

Ready to Elevate Your Security Training?

Empower your teams with the skills they need to secure your applications and stay ahead of the curve.
Get Started Now
X
X
Side-by-Side Comparison
AppSecEngineer vs Secure Code WarriorAppSecEngineer vs Security JourneyAppSecEngineer vs SecureFlagAppSecEngineer vs PluralsightAppSecEngineer vs KodeKloudAppSecEngineer vs VeracodeAppSecEngineer vs CybraryAppSecEngineer vs Immersive Labs
For Industries
ManufacturingGovernmentFinanceTechnologyHealthcareDefenseRetail
Services
Application Security ServicesThreat Modeling ServicesCloud Security ServicesSecurity Architecture Review ServicesAI LLM Security Services
Support
Knowledge BaseDiscord

For Support write to help@appsecengineer.com

About Us
Privacy PolicyMedia Kit

United States
11166 Fairfax Boulevard, 500, Fairfax, VA 22030

APAC
68 Circular Road, #02-01, 049422, Singapore

FOLLOW APPSECENGINEER
SOC2 Type2 Compliant
4.3
Copyright AppSecEngineer © 2025