Never be caught tongue-tied in an Application Security Engineer Interview. In this video Abhay Bhargav explores the popular Security Engineer Interview question from Glassdoor and Indeed "What is XXE?"
#XXE is a key vulnerability in OWASP (Open Web Application Security Project) Top 10 and is a serious vulnerability that can have devastating impacts against your Web Application or Web Service. XXE can result in Local-File Include, Remote File Include, Remote Code Execution, Server-Side Request Forgery or #SSRF and Denial of Service.
Abhay explores XXE in the form of an offensive and defensive demo directly from AppSecEngineer's Learning Path "Application Security"
AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security.
#AppSecEngineer is ideal for jobseekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers
Content of this video
0:00- Intro
0:18- What is XML external entities
02:18- XML DTD
03:17- XXE- Remote code execution
04:17 -XXE SSRF
05:27- XXE interactive lab demo
15:30- Like and subscribe
Learn more about XXE at appsecengineer.com/applicatio...
Twitter: / appsecengineer
Linkedin: / appsecengineer