Uncle Rat's XXE Handbook

XXE Made Simple!
Free tutorial
Rating: 4.3 out of 5 (146 ratings)
17,767 students
1hr 6min of on-demand video
English [Auto]

What an XXE is
How to exploit XXE's
XXE Filter evasion techniques
Tools to test for XXE
How to prevent XXE


  • Be familiar with XML files
  • Entry level IT experience


Who am i?

An experienced instructor with over 10 000 happy students on udemy, i spend my time making complex topic reacheable for anyone wanting to learn and understand them. As a dad of a toddler, i know what it means to have to simplify things but even before all this i was already emerged in the world of training IT profiles in software test automation and performance testing, having gotten my neoload expert certification in Paris so i could teach that software in a 3 day course that would prepare staff for neoload certification. All this helped me when i gained some experience in bug bounties on Intigriti (You can find me as theamazingferret) in a short time, i decided to start up my youtube channel because people kept asking me the same questions and this was a way to help them better. People seemed to like my teaching and it blew to where we are today. You can find me on LinkedIn as Wesley Thijs or on youtube or twitter or even facebook as the XSS Rat.

What does this course offer?

During my time as a bug bounty hunter and pentester i found i liked the XXE vulnerability type quite a lot. In this course i explain to you where XXE stems from, what it entails, how to exploit it and even how to prevent it. Every video file has a full PDF covering the topics in detail. To finish off i will you show you how to exploit this vulnerability in a set of practical video's demonstrated on one of my old CTF machines and on the portswigger labs.

Not only will you learn how to find and exploit this vulnerability but i will complete your skillset by giving you general guidance on preventing this issue type.

Who this course is for:

  • Developers looking to find out how XXE works
  • Pentesters looking to add XXE to their arsenal
  • Bug bounty hunters looking to add XXE to their arsenal


I am the XSS Rat
Wesley Thijs
  • 4.0 Instructor Rating
  • 3,659 Reviews
  • 144,994 Students
  • 12 Courses

I am the XSS Rat, an experienced ethical hacker who stands for quality and who believes knowledge is a building block we can all use to grow bigger than we ever were. As a software test i have a unique skill set that centers around logic flaws and IDORs which i have not seen very much by other hunters. This gives me the advantage of finding less duplicates and maximizing my chance of finding a vulnerability by picking the correct target and applying the correct test strategy.

Top companies trust Udemy

Get your team access to Udemy's top 25,000+ courses