DEV Community

loading...

Discussion on: How hackers steal your keys and secrets

omerxx profile image
Omer Hamerman Author

Hi,

Like I mentioned earlier, you probably want to learn the basics on your own and then validate your protection by "attacking" your own page. Here's a great video with explanations on different techniques. The guy has also a practice area where you can practice what you've learned: youtube.com/watch?v=EoaDgUgS6QA

When you protect something, be aware of what it is you are protecting from. "XSS" is a wide range of techniques that can abuse pages. If you protect from a certain technique - e.g. HTML tags, try exploiting your own form with something like <img src/onerror=alert(1)>.
Here's another cheatsheet by Portswigger where you can see an endless list of methods: portswigger.net/web-security/cross...