What XSS and SQLi Stand For (Some English Lessons):
"XSS stands for Cross-Site Scripting".
The common thing in both of these attacks is that they are exploitable if there is a lack of input validation in the web application, where input is either placed directly into a web page that executes on the client side (the user's browser) or placed directly into a query (in the case of SQL injection).
What Are XSS and SQL Injection Attacks:
"XSS and SQL injection are attacks on web applications which are accomplished by exploiting lack-of-input-validation vulnerabilities. In these types of attacks the programmer of the web site has either placed user input directly into the web page (in the case of XSS) or placed it directly into an SQL query (in the case of SQL injection)."
Technicalities of XSS Attack:
As an XSS attack arises from placing input directly inside the web page, exploiting this type of vulnerability requires knowledge of HTML and JavaScript.
Suppose we have a web page with the following code:
<html>
<head><title>Introduction to Xss</title></head>
<body>
<center>
<form method="POST" action="yourpage.anything">
<font size="30">Your Name</font><br><input type="search" name="search_item"/><br><br>
</form>
</center>
<font size="50">Your Name is:</font>
<?php
// Vulnerable on purpose: the POSTed value is echoed into the page with no validation or encoding
$input=$_POST['search_item'];
echo $input;
?>
</body>
</html>
As web developers can see, the input here is not validated and is placed directly inside the page, so we can check for this vulnerability with a simple script.
<script>alert(document.cookie)</script>
This script simply alerts the cookie used by the document, which is what automatically authenticates the browser to the web server without asking the user for a username and password on every page.
Some other attack vectors are the following:
<img src=x onerror=javascript:alert(document.cookie)/>
<img src=x onerror='alert(document.cookie)'/>
<a onmouseover='alert(document.cookie)'>injected</a>
Some Fun stuff:
I found cross-site scripting in the top web hosting company 000webhost.com and changed the background by exploiting the vulnerability, and whenever I log in to my 000webhost account I have my background changed. I have made a proof-of-concept video of it, which follows:
How to Protect Against XSS Attacks:
There are two ways by which we can avoid cross-site scripting vulnerabilities.
1. Avoid placing user input directly into the web page.
2. Server-side checks on the user's input (firewalls).
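As an added example (not the original author's code), here is the vulnerable `echo $input;` from the page above replaced with a server-side check plus output encoding, covering both points in the list. The function names `html_encode`, `is_valid_name` and `render_name`, and the allow-list for what counts as a name, are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Encode untrusted text for HTML element content or a quoted attribute. */
function html_encode(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Assumed allow-list: letters, combining marks, space, . ' - ; 1..64 chars. */
function is_valid_name(string $value): bool
{
    // With /u, input that is not valid UTF-8 makes preg_match() return
    // false, so it is rejected as well.
    return preg_match('/\A[\p{L}\p{M} .\'-]{1,64}\z/u', $value) === 1;
}

/** Build the "Your Name is:" fragment from an untrusted request value. */
function render_name($raw): string
{
    // A field can arrive as an array (search_item[]=x); treat that as empty.
    $input = is_string($raw) ? trim($raw) : '';
    if ($input === '') {
        return '';
    }
    if (!is_valid_name($input)) {
        return '<p>Invalid name.</p>';
    }
    // Still encode after validation: the allow-list permits ' in names.
    return '<p>Your Name is: ' . html_encode($input) . '</p>';
}

// In the page above this replaces `echo $input;`:
//     echo render_name($_POST['search_item'] ?? null);

// Constructed inputs: the test strings from this page and one ordinary name.
$samples = [
    '<script>alert(document.cookie)</script>',
    "<img src=x onerror='alert(document.cookie)'/>",
    "<a onmouseover='alert(document.cookie)'>injected</a>",
    "Anne O'Neil",
];
foreach ($samples as $s) {
    echo render_name($s), "\n";    // validation plus encoding
    echo html_encode($s), "\n\n";  // encoding alone, for free-text fields
}
```

Run from the command line, the three test strings are rejected by the check and, when encoded on their own, come out as inert text with `<`, `>` and quotes turned into entities.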
Best Firewall for Protection Against Cross-Site Scripting:
There are tons of web application firewalls that protect against cross-site scripting attacks, but all of them have been bypassed by hackers. So in that case the only firewall that hasn't been bypassed by any hacker yet is "Web Sultan Firewall". It was created by me two days from the day I wrote this post. I applied that firewall to a web page fully vulnerable to XSS, whose link follows, and it hasn't been bypassed yet.
Link: anonkhan.host56.com
To get this firewall for your website or web application you can contact me at my email anasabdullah014@gmail.com and request it, but kindly give a reference to this post so that I can understand your request.