Security Engineer Interview Questions - What is XML External Entities (XXE)?

Never be caught tongue-tied in an Application Security Engineer Interview. In this video Abhay Bhargav explores the popular Security Engineer Interview question from Glassdoor and Indeed "What is XXE?" #XXE is a key vulnerability in OWASP (Open Web Application Security Project) Top 10 and is a serious vulnerability that can have devastating impacts against your Web Application or Web Service. XXE can result in Local-File Include, Remote File Include, Remote Code Execution, Server-Side Request Forgery or #SSRF and Denial of Service. Abhay explores XXE in the form of an offensive and defensive demo directly from AppSecEngineer's Learning Path "Application Security" AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security. #AppSecEngineer is ideal for jobseekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers Content of this video 0:00- Intro 0:18- What is XML external entities 02:18- XML DTD 03:17- XXE- Remote code execution 04:17 -XXE SSRF 05:27- XXE interactive lab demo 15:30- Like and subscribe Learn more about XXE at https://appsecengineer.com/application-security-courses/ Twitter: https://twitter.com/AppSecEngineer Linkedin: https://linkedin.com/company/AppSecEngineer