We’re creating a super-useful series called Security Engineer interview questions, where we dive into real-world interview questions on AppSec from Glassdoor, Indeed.com and other sources. This week, I dive into the question “What is XXE” with the aid of an amazing lab from our Learning Path on Application Security. Enjoy!


AWS recently released a whitepaper on the Security Overview of Lambda. This document is meant to be an in-depth look at Lambda Security. It’s definitely a worthwhile read. However, I have tried to simplify and distill some of the most important security points for general consumption.

A little bit of…


This video is AppSecEngineer’s Part 1 of Seven Deadly Sins of Container Security. These specifically refer to 7 different mistakes that people and orgs make when running containerized deployments in their environment.


I have been in InfoSec since 2008. I started extensively presenting at conferences and events from 2014 or so (when I felt I had something to say). It wasn’t that I had nothing much to say before then, but I constantly felt weird about “not researching enough”, or “Who’s going…


I started doing PCI-DSS Audit work in 2008 (yes I know). Since then, PCI-DSS has always had “Requirement 3”, a PCI-DSS set of security requirements that were typically seen as infamous because of the number of organizations that would just not be able to fulfill them. What was Requirement 3…


I have been developing a bunch of serverless apps and experimenting with serverless security for our (we45’s) work in Pentesting and for our training on Serverless Security at OWASP AppSecUSA 2018, and I came across this interesting scenario during my research.

If you are working with AWS Lambda (Serverless), chances…


I have been playing around with Terraform for the last 2 months or so, and I really enjoy working on it. …


The Problem

Ever since I started my journey in DevSecOps and Application Security Automation, one of the key areas of my work has been “Parameterized Scanning”. “Parameterized Scanning” started off when we were attempting to automate an application security test for one of our largest clients, a World’s Top 10…

Abhay Bhargav

CTO of we45 (An AppSec Company), DevSecOps Greasemonkey, Passionate Security Technologist and Creator
