If the presence of entanglement could be certified in a device-independent (DI) way, it is likely to provide various quantum information processing tasks with unconditional security. Recently, it was shown that a DI protocol, combining measurement-device-independent techniques with self-testing, is able to verify all entangled states, however, it imposes demanding requirements on its experimental implementation. In this work, we propose a much less-demanding protocol based on Einstein-Podolsky-Rosen (EPR) steering to certify entanglement. We establish a complete framework for DI verification of EPR steering in which all steerable states could be verified. We then analyze its robustness towards noise and imperfections of self-testing by considering the measurement scenario with three settings at each side. Finally, a four-photon experiment is implemented to demonstrate that even Bell local states can be device-independently verified. Our work may pave the way for realistic applications of secure quantum information tasks.