Testing for XSS in the real world assuming…
Would it be safe to assume that, no matter what site you test, it is automatically set on the “Hard” or “Impossible” category when we practice on DVWA? Would it be best to test with more “Exotic” payloads rather than basic ones, since those are for the most part not realistic to exploit these days? I know simpler is better, but some of these WAFs are just a pain to think outside the box when it comes to XSS for the real world.