In this chapter, we learned about XSS attacks, which can be described as vulnerabilities that are found on web applications. We also learned that there are three major types of XSS vulnerabilities—the reflected and stored. We looked at the reflected vulnerability and used the DVWA website to launch this attack. We also learned about the stored XSS vulnerability, and even practically implemented it. Then, in the exploitation section, we performed an advanced attack where we controlled the victim's machine. Finally, we learned how to protect ourselves from these vulnerabilities. In the next chapter, we are going to be learning about a tool called ZAP.