Web application security the basic requirement and follow as a minimum security standard nowadays to develop online applications. Most of the web applications are managing online transaction like transferring money, pay bills online and many more services related to finance. So, all the web transactions are exchanged of static data related to both the bank parties which is used to populate XML document. And the SOAP web services and REST protocol are used for exchange of two heterogeneous applications and the data is parsed by XML parser. XML External Entity attack occurs as XML input weakly parsed data. This attack refers problems like confidential information, denial of service and server side request information. In this paper we explain about XML External Entities, prevention measures, problems and expected solutions.