Application Security

What is XML External Entities (XXE)?

Updated:
February 21, 2022
Written by
Abhay Bhargav

Security Engineer Interview Questions - What is XML External Entities (XXE)?

Never be caught tongue-tied in an Application Security Engineer Interview. In this video Abhay Bhargav explores the popular Security Engineer Interview question from Glassdoor and Indeed "What is XXE?"

#XXE is a key vulnerability in OWASP (Open Web Application Security Project) Top 10 and is a serious vulnerability that can have devastating impacts against your Web Application or Web Service. XXE can result in Local-File Include, Remote File Include, Remote Code Execution, Server-Side Request Forgery or #SSRF and Denial of Service.

Abhay explores XXE in the form of an offensive and defensive demo directly from AppSecEngineer's Learning Path "Application Security"

Source for article
Abhay Bhargav

Abhay Bhargav

Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA. He loves golf (don't get him started).

Abhay Bhargav