Monday, 31 August 2015

Top 3 websites to learn programming/coding


Programming is the art of creating innovative things in the form of computer software to reduce people's effort and make their lives easier. In the early days of computers, programming was very tough to learn because a learner had to go through hundreds of books to learn a language, but nowadays, since the invention of the Internet, there are tons of websites where we can learn programming easily.
I have compiled a list of the top 5 websites where you can learn programming, and on some of them you can also start coding in online compilers.
The list is as follows.

W3 SCHOOLS:

It is one of the top websites for learning programming in different client-side and server-side web programming languages without spending even a penny. It is totally free and provides a "Try it Yourself" facility, with which we can try out in an online compiler what we learnt from the tutorial.

Codecademy:

Codecademy is another website where we can learn programming without any fee. On Codecademy we can also learn Python along with other web programming languages. Codecademy provides a very interactive online compiler and step-by-step instructions while coding in it, to help people understand the logic.
When it comes to learning computer application programming languages other than web programming languages, there is no better choice than tutorialspoint.com. On Tutorials Point we can learn different high-level languages like C, AngularJS, Python, Perl, Ruby etc. Besides this, we can also learn Bash shell programming, Java and database technologies from this website.

SQL Injection Tutorial(to hack Website Database)

Injection Attacks for Website Hacking and Hacking Website Database with SQL Injection

Following is the list of the Top 10 vulnerabilities that can occur in our web application and put our websites and their users at risk. We will start learning from top to bottom (injections to unvalidated redirects). This is our first tutorial, and in it we will cover injections and learn how to hack a website with a simple SQL injection attack.

Tools used in this Video:
Havij Advanced SQL Injection Tool
Tutorial:
Part 2:

That's all for this post, I hope you enjoyed it. Sorry for my bad English.

Sunday, 30 August 2015

Web Sultan Firewall 1.0 for Protection Against XSS and SQL injection Available for Download

Web Sultan Firewall 1.0 Available for Download:


Web Sultan Firewall is the only firewall on the internet which hasn't been bypassed yet by any hacker. It was coded by me two days before writing this post, and today I made its source code public so you can download it. Its features are as follows.


  1. Protection against every kind of advanced XSS and SQL injection attack.
  2. Web Sultan Firewall hasn't been bypassed by any hacker on the internet yet.
  3. Very easy to implement (import firewall.php using function "require firewall.php" and filter every input via the function "firewall_charcheck_xss" for maximum protection).
  4. Code is well written with comments so that advanced users can modify it according to their needs.
  5. IP and possible attack string logging for further action (import firewall.php using function "require firewall.php" and use "firewall_xss_alarm" for this feature in your code).
  6. It hasn't been bypassed yet, but it is still under development for further new features.
This is the result of an online XSS scanner run against my website, on which I implemented this firewall.

Download Link:

http://anonkhan.host56.com/download.php

or you can download code directly from github

https://gist.github.com/anaskhanyusfzai/8f7b0675e071bf2725e4

You can download the firewall from the link above. Implementation instructions are written in the file named "how to install" in the firewall package.

Sharing is caring. Please share with your friends so that they can keep their websites secure.

Tell us your interest in hacking or ethical hacking so that we can manage that content for you

Please kindly tell us in the comments about the video tutorials related to hacking that you want us to upload, so that we can manage to create and upload them for free.


Saturday, 29 August 2015

Advanced XSS Attacks and How to Protect Against Them, and Intro to "Web Sultan" XSS and SQLi Firewall

What XSS and SQLi Stand For (Some English Lessons):

"XSS stands for Cross Site Scripting".

The common thing in both of these attacks is that they are exploitable if there is a lack of input validation in a web application, where input is either placed directly into a web page that executes on the client side (the user's browser) or placed directly into a query (in the case of SQL injection).

What are XSS and SQL Injection Attacks:

"XSS and SQL injection are attacks on web applications which are accomplished by exploiting lack-of-input-validation vulnerabilities. In these types of attacks, the programmer of the website has either placed user input directly into the web page (in the case of XSS) or directly into an SQL query (in the case of SQL injection)".

Technicalities of XSS Attack:

As an XSS attack arises from placing input directly inside the web page, exploiting this type of vulnerability requires knowledge of HTML and JavaScript.
Suppose we have a web page with the following code:
<html>
<head><title>Introduction to Xss</title></head>
<body>
<center>
<form method="POST" action="yourpage.anything">
<font size="30">Your Name</font><br><input type="search" name="search_item"/><br><br>
</form>
</center>
<font size="50">Your Name is:</font>
<?php
// Deliberately vulnerable: the submitted value is written into the page
// without any validation or encoding.
$input = $_POST['search_item'] ?? '';
echo $input;
?>
</body>
</html>
As web developers can see, the input here is not validated and is placed directly into the page, so we can check for this vulnerability with a simple script:
<script>alert(document.cookie)</script>
This script simply alerts the cookie used by the document, which is what automatically authenticates the user to the web server without asking for a username and password on every page.
Some other attack vectors are the following:
<img src=x onerror=javascript:alert(document.cookie)/>
<img src=x onerror='alert(document.cookie)'/>
<a onmouseover='alert(document.cookie)'>injected</a>

Some Fun stuff:

I found cross-site scripting in the top web hosting company 000webhost.com and changed the background by exploiting the vulnerability, and whenever I log in to my 000webhost account I have my background changed. I have made a proof-of-concept video of it, which follows:

How to protect Against Xss Attack:

There are two ways by which we can avoid the cross-site scripting vulnerability.
1. Avoid placing user input directly into the web page.
2. Server-side checks on user input (firewalls).
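
Way 1 in practice, as an added example (not code from this blog or from Web Sultan Firewall): the vulnerable page's echo replaced with output encoding through PHP's htmlspecialchars(). The helper names html_escape() and render_name() are assumptions; run from the command line, it prints how the test strings from this post come out as inert text.

```php
<?php
// Added example, not part of firewall.php. html_escape() and render_name()
// are hypothetical helper names.

// Encode for HTML element content and quoted attribute values, so that
// <, >, &, " and ' reach the browser as text instead of markup.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened replacement for the page's direct echo of search_item.
function render_name($raw): string
{
    // search_item[]=x arrives as an array; treat any non-string as empty.
    $name = is_string($raw) ? $raw : '';
    return '<p>Your Name is: ' . html_escape($name) . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: a normal name plus the test strings above.
    $samples = [
        'Alice',
        '<script>alert(document.cookie)</script>',
        "<img src=x onerror='alert(document.cookie)'/>",
        "<a onmouseover='alert(document.cookie)'>injected</a>",
    ];
    foreach ($samples as $sample) {
        echo render_name($sample), "\n";
    }
} else {
    header('Content-Type: text/html; charset=UTF-8');
    // Second layer: this policy stops the browser from running inline
    // scripts and inline event handlers if an encoding call is ever missed.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    echo render_name($_POST['search_item'] ?? '');
}
```

Encoding is context-specific: this helper covers HTML text and quoted attribute values, not input placed inside a script block, a style block or a URL.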
Best Firewall for protection Against Cross Site Scripting:
There are tons of web application firewalls that protect against cross-site scripting attacks, but all of them have been bypassed by hackers. So in that case the only firewall that hasn't been bypassed by any hacker yet is "Web Sultan Firewall". It was created by me two days from the day I wrote this post. I applied that firewall to a web page fully vulnerable to XSS, whose link follows, and it hasn't been bypassed yet.
Link: anonkhan.host56.com
To get this firewall for your website or web application, you can contact me at my email anasabdullah014@gmail.com and request it, but kindly reference this post so that I can understand your request.

Introduction to Hacking(how do they do it?)

Introduction to Hacking

In my first post on this blog, I am going to give the audience a basic introduction to hacking: who is a hacker, the history of hacking, and how do they do it?

What is Hacking:-

Hacking is the art of gaining access to somebody's computer/email/website without the permission of the legitimate user.
or
Hacking is the art of finding and exploiting weaknesses in a computer in order to gain illegal access to somebody's computer/email etc.

Who is a Hacker:-

The person who is involved in hacking activity, or simply the person who hacks, is called a hacker.

How do they do it:-

Hacking is done by exploiting vulnerabilities or flaws which arise in the programming code or source code of a software/application/operating system or web application. Exploiting the vulnerability results in either illegal access to your computer/website/phone etc. or a complete shutdown of legitimate services (this happens only in the case of a Denial of Service attack, which will be discussed later in detail).

Basic Terminologies of Hacking:-

Vulnerability:
An error or flaw in the source code of an application which, when exploited, results in the breach (hacking) of a system, phone etc.
Exploit:
Exploit and exploitation are two different things. An exploit is a piece of code created by professional hackers which takes advantage of a flaw in source code to take over the system. Simply put, an exploit is used for exploitation.

Where to find exploits for specific Application:-

There are tons of repositories online from which you can download exploits for a specific application, if they exist, such as
https://www.exploit-db.com

