Uncle Rat's XXE Handbook

XXE Made Simple!

What does this course offer?

What an XXE is
How to exploit XXEs
XXE filter evasion techniques
Tools to test for XXE
How to prevent XXE

During my time as a bug bounty hunter and pentester I found I liked the XXE vulnerability type quite a lot. In this course I explain to you where XXE stems from, what it entails, how to exploit it and even how to prevent it. Every video file has a full PDF covering the topics in detail. To finish off I will show you how to exploit this vulnerability in a set of practical videos demonstrated on one of my old CTF machines and on the PortSwigger labs.

Not only will you learn how to find and exploit this vulnerability but I will complete your skillset by giving you general guidance on preventing this issue type.


Your Instructor


Experts with David Bombal

David Bombal, together with some of the best minds in the industry, is offering courses on a wide range of topics including networking, programming and software development. Our team has decades of experience teaching students from all over the world.

Together we can do more!

David Bombal (CCIE #11023 Emeritus) passed his Cisco Certified Internetwork Expert Routing and Switching exam in January 2003 and is one of a small percentage of Cisco Engineers that pass their CCIE labs on their first attempt.

David qualified as a Cisco Certified Systems Instructor (CCSI #22787) many years ago! He has been training Cisco courses for over 15 years and has delivered instructor-led courses in various countries around the world covering a wide range of Cisco topics from CCNA to CCIE.

He has also personally developed Cisco engineer utilities such as the VPN Config Generator, software, training materials, EBooks, videos and other products which are used throughout the world.

David has designed, implemented and managed networks ranging from single sites to those that span 50 countries.


Wesley Thijs

I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were.

As a software tester I have a unique skill set that centers around logic flaws and IDORs, which I have not seen very much from other hunters.

This gives me the advantage of finding fewer duplicates and maximizing my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.


Course Curriculum


  Introduction
  What is XXE?
  XXE Entry Points
  Exploiting XXE
  WAF and filter evasion
  Tools to find and how to prevent XXE
  Throwing it all together
  Let's try it

Frequently Asked Questions


When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 14 days and we will give you a full refund.
