Today I am going to show you that how to do xss in sites. and in the other part i'll show you how to resolve XSS.

But this one is only for how to make XSS in sites

so first of all

what we need is that you need to learn html, css and php. for this process and if you dont know them, i'll prefer you to use

http://www.w3schools.com

Okay and if you know them very well lets start :)

first of all we simply create a form which prints your name

it asks you your name and then it prints it.

so lets start

let me tell you that i am using GET method to get the data from the remote side (user) to the server side (server).

The Html Code For This Will Be:

Because of we are using gET method so in method its

method="GET"

now  lets save it and open it using xampp on localhost or 127.0.0.1

for this you need to get xampp installed i already have it installed if you dont have it installed try googling it :D

so our html code will produce this kinda result :)

now if you enter anything and submit it the page will refresh and will do nothing

so according to the topic we are going to make a xss attack vulnerable site

so let me write the php code for that

itx a simple php code and i am not going to add anything which will do xss and no one writes the code to let anyone do xss on his site. he/she just make a simple site and sitting blissfully.

so i am going to write a simple php code that'll echo out (print out the thing i write in the box)

so that'll be:

hye there

Now lets submit it and see thy result :D

okay so this is the result :D 

now let me just simply enter a html code that'll show itself on the page.
Code:

The indie game, which Do My Best Games and TinyBuild launched for PC, Mac, Xbox One and PlayStation 4 this summer, became available for Linux last week.
Although the post-civilization genre is fairly crowded space, the zombie-killing horror ride has earned generally positive reviews from veteran games critics, who appreciated its narrative and level of detail.


There was no grand scheme to expand the title to Linux.
"Honestly, there wasn't some specific reason for that -- we just want to give access to our game [to] as many players as possible," said Oleg Sergeev, game designer of The Final Station.
The ability to create a Linux port pretty easily on the Unity platform led the company to make the decision, he told LinuxInsider.

Open Source Demand

The Final Station is the first Linux port for the company, but it appears that the launch so far has been a successful one, with relatively few glitches, based on feedback on the site.
"You don't typically see much priority on major gaming titles released for Linux, but there are some exceptions, and this is changing to some degree with software such as SteamOS," noted Jay Lyman, senior research analyst at 451 Research.
"While Linux still isn't usually treated as a first class platform, a growing number of titles are adding Linux support without requiring workarounds or additional compatible software," he told LinuxInsider.
Other major titles that recently moved to Linux include Mad Max, Dying Light, and American Truck Simulator.
Linux has become the operating system of choice in almost every segment of computing except for the desktop, noted Kevin O'Brien, a project manager and Linux enthusiast.
That's partly due to the fact that so many games are written for Windows only, he told LinuxInsider. "The increasing availability of games on the Linux platform removes that obstacle and makes it more likely that Linux can be the default OS for average computer users."

SteamOS Platform

Much of the drive to develop games for Linux began in 2013 when Valve Software launched its Linux-based SteamOS system for entertainment use. At the time, enthusiasts began to see greater demand for Linux-compatible gaming titles, but an additional problem over the years has been getting the related hardware necessary to take full advantage of those capabilities.
Currently, there are only about 400 titles that are Linux-plus-SteamOS compatible out of nearly 25,000 game entries in the Steam store, said Lewis Ward, research director for gaming and VR/AR at IDC.
That is indicative of the relative popularity of Linux compared to other operating systems, he told LinuxInsider.
"There definitely has to be a love of Linux and the open source software movement to make such a commitment," Ward stressed.
TinyBuild has been busy of late. It released the Alpha 2 version of Hello Neighbor earlier this month.

"I'm pretty sure this is the biggest release we've ever had, at least in terms of commits," Torvalds wrote. "If you look at the number of lines changed, we've had bigger releases in the past but they've tended to be due to specific issues."

A chunk of the upgrade is the new greybus staging support, and other than size, the release looks fairly normal, he noted. Staging, GPU and networking are the bulk of the drivers.

Version 4.2 got a lot of lines from the AMD GPU register definition files, Torvalds noted. Version 3.2 was due to staging, version 3.7 was due to the automated uapi header file disintegration.

The merge window for 4.10 is now open, Torvalds said, adding that the timing might be a bit awkward as it technically closes on Christmas Day.

That is a "pure technicality," though, and he said he would stop pulling on the 23rd of December at the latest -- adding that if he should get roped into Christmas food prep, even the Dec. 23rd date might be called into question.

"I could extend the merge window rather than cut it short, but I'm not going to," Torvalds said.

"I suspect we all want a nice calm winter break, so if your stuff isn't ready to be merged early, the solution is just not merge it yet at all and wait for 4.11," he suggested.

"The release is a fairly standard update with some improvements in file system, security and hardware support, including ARM devices and GPUs," noted Jay Lyman, a senior research analyst at 451 Research.

"The size and weight of Linux 4.9 may be an issue for some developers and end users, particularly as containers and lightweight container-specific operating systems -- many of which are based on Linux -- gain more attention and use," he told LinuxInsider.

Overall, the new Linux kernel represents "a lot of performance tuning and streamlining," said Paul Teich, principal analyst at Tirias Research.

Despite its size, it's not a hugely significant upgrade, he said, but it reflects a maturing kernel that addresses a wide range of markets.

"The biggest single feature that stood out to me is virtual display and reset support for AMD GPUs," Teich told LinuxInsider. "This is a big deal for folks who want to use AMD GPUs for compute acceleration, or even to deliver virtual desktops from Linux servers."

There are a lot more updates for 29 more AMD SoCs, including a wave of 64-bit ARM mobile and embedded SoCs, he noted.

"Google's canned project Ara's 'greybus' got some time," Teich said, "and some of that might show up in a future Moto phone."

Intel got fixes for its integrated sensor hub, DRM, and some performance improvements for Atom, he also noted.

Lastly, a few MIPS, POWER and SPARC architecture commits also were snuck in, showing just how strong Android and Linux have become, said Teich. "It's not just about x86 vs. ARM.

Among the world's nations, the United States ranked highest in ransomware incidents, according to a Malwarebytes report on the prevalence and distribution of extortion apps. The area of the country that logged the most incidents was the Las Vegas-Henderson, Nevada, region.
Nevada cities led the nation in overall ransomware detections, most detections per individual machine, and most detections per population, according to the report, which is based on an analysis of half a million ransomware incidents.
Las Vegas' attraction to tourists and conference goers may be what attracts digital bandits.
"When people go to conferences, they're using their laptops on WiFi networks that may not be completely trusted," explained Adam Kujawa, head of malware intelligence at Malwarebytes.
Coupled with the relaxed atmosphere of the city, that can make users more vulnerable to vehicles delivering ransomware.
"When people are having a good time, they let their guard down," Kujawa told TechNewsWorld.

Rust Belt Targeted

Although Las Vegas topped the list for ransomware detections, half of the top 10 ransomware cities were found in the Rust Belt: Detroit, Michigan; Ohio cities Toledo, Columbus and Cleveland; and Fort Wayne, Indiana.
A lack of security awareness and misplaced trust may have contributed to the high rate of detections in that region.
"They're less security-aware than people living in larger metropolitan areas," Kujawa said. "People are also more likely to fall for phishing attacks, which is one of the primary methods of malware distribution."
Ransomware has been a scourge over the past two years, but that will change in the coming months as the security industry finds new ways to block ransomware, suggested Nima Samad, a Malwarebyes data science analyst who also worked on the report.
"Within the next year or two, we'll see a dramatic decrease -- at least in the kind of ransomware we're seeing right now," he told TechNewsWorld.

Teflon Security

Friction is the great enemy of e-commerce. Consumers do not respond well to any delays doing what they want to do online. That's why so many shopping carts are abandoned before shoppers pull the trigger on a purchase.
More than two out of three carts (68.81 percent) are deserted by shoppers, according to the Baymard Institute.
Friction creates a ticklish problem for security teams, because protecting merchants and consumers from fraud can create friction. Ideally, the best security scheme is one that gives consumers their cake and lets them eat it, too -- one that offers maximum protection but is invisible to shoppers.
Such a trend is occurring in global financial institutions, where adoption of passive risk assessment systems is growing. Those systems assess the risk of a consumer's session with a financial institution, using a basket of factors about that session.
What's particularly beneficial about the systems is that they continually authenticate the author of the session. Typically, once a user provides a name and password, they become "trusted," and their activity after login is ignored.
With risk assessment systems, users are monitored constantly. Even if they use a correct name and password, risky online behaviors will be flagged, and action taken to authenticate their identities.

Useless Passwords

"You can essentially authenticate and re-authenticate a user all the time by looking for things that are anomalous," explained Dan Ingevaldson, CTO ofEasy Solutions.
There can be anomalies in how a browser is used or in the way a visitor logs in compared to the past, or in the makeup of the device used in a session.
However, it's important to understand that these passive systems deal in probability. They tell you what the probability is that a particular session is risky.
"Very confident predictions can be made that one session is related to another. That's really helpful. It can make things like stolen passwords unusable to attackers," Ingevaldson explained.
"We're going to see a lot more of these systems in 2017," he predicted.

Beyond Compliance

Software development is in a state of transition. More and more organizations are getting apps to market faster and with better quality using technologies like DevOps, Agile and continuous improvement. Those technologies aren't just changing software development -- they're changing the security industry, too.
The days of making security purchases solely for compliance reasons are fading fast.
"Plenty of security purchases were made to check off some compliance boxes, and it was hoped that the product would also deliver some real value," noted Zane Lackey, chief security officer at Signal Sciences.
With the adoption of DevOps and its emphasis on speed and quality, organizations are starting to demand more from security vendors.
"Buyers are getting fed up with vendors not delivering on their promises," Lackey told TechNewsWorld.
As part of that value equation, security vendors need to shed a role many of them have had for years.
"Security has always acted as this gatekeeper and blocker. Now buyers don't want to know, 'how does this slow me down less?' but 'how does this enable me to move faster?'" Lackey pointed out.
"Security can't be a compliance checkbox that just slows everything down," he emphasized. "It needs to add real value and help me move faster as an organization."

Breach Diary

• Dec. 26. PakWheels, an automotive classified website, notifies its users that their personal data is at risk after its server was breached by an unknown third party.
• Dec. 27. Three Chinese citizens charged by United States of engaging in conspiracies to commit insider trading, wire fraud and computer intrusion in an indictment filed in federal court in Manhattan.
• Dec. 27. New Hampshire's Department of Health and Human Services says confidential information of as many of 15,000 people who received department services is at risk after unauthorized access to them by a patient at the state's psychiatric hospital.
• Dec. 27. Global encryption software market will be US$2.5 billion by 2021, Allied Market Research forecasts.
• Dec. 28. InterContinental Hotel Group, which operates more than 5,000 hotels worldwide, says it's investigating reports of a possible data breach at a small number of its hotels located in the United States.
• Dec. 28. The Organization for Security Cooperation in Europe, which monitors the Ukraine-Russian conflict, says it suffered a data breach that compromised the security of its computer network.
• Dec. 29. Nevada takes its marijuana portal offline after a data breach exposed confidential information on some 12,000 applications for cards used to obtain medical marijuana.
• Dec. 29. FBI and U.S. Department of Homeland Security issue joint report detailing the tools and infrastructure used by Russian intelligence services to compromise and exploit networks and infrastructure associated with the recent U.S. election, as well as a range of U.S. government, political and private sector entities.
• Dec. 29. Hong Kong Airlines apologizes to its customers for flaw in its Android app that allowed personal information of more than 100 passengers to be viewed by other usrs of the app.
• Dec. 30. President Barrack Obama expels from the United States 35 suspected Russian spies for "malicious cyber activity and harassment" in connection with Russia's attempt to influence the 2016 presidential election.
• Dec. 31. Potomac Healthcare Solutions accidentally exposed to the public Internet confidential information on scores of psychologists and other healthcare professionals deployed within the U.S. military's Special Operations Command, MacKeeper security researcher Chris Vickery says.

Upcoming Security Events

• Jan. 9. 2017 Predictions: Authentication, Identity & Biometrics in a Connected World. 11 a.m. ET. Webinar by BioConnect. Free with registration.
• Jan. 11. Double Yahoo Breach: Nothing You Can Do About It, But Learn. 3 p.m. ET. Webinar by ITSPmagazine. Free with registration.
• Jan. 12. 2017 Trends in Information Security. 11 a.m. ET. Webinar by 451 Research. Free with registration.
• Jan. 12. What Does the Massive Yahoo Hack Mean for Your Company? 1 p.m. ET. Webinar by Viewpost. Free with registration.
• Jan. 12. The Rise of Malware-Less Attacks: How Can Endpoint Security Keep Up? 1 p.m. ET. Webinar by Carbon Black. Free with registration.
• Jan. 12. FTC PrivacyCon. Constitution Center, 400 7th St. SW, Washington, D.C. Free.
• Jan. 13. How the Heck Did They Miss It? Lessons to Learn from the Yahoo Breach. 1 p.m. ET. Webinar by Acalvio Technologies.
• Jan. 13. I Heart Security: Developing Enterprise Security Programs for Millennials. 5 p.m. ET. Webinar by NCC Group. Free with registration.
• Jan. 13-14. BSides San Diego. National University, Spectrum Business Park Campus, 9388 Lightwave Ave., San Diego. Tickets: $30 (includes T-shirt).
• Jan. 16. You CAN Measure Your Cyber Security After All. 1 p.m. ET. Webinar by Allure Security Technology. Free with registration.
• Jan. 26. The True State of Security in DevOps and Expert Advice On How to Bridge the Gap. 1 p.m. ET. Webinar by HPE and Coveros. Free with registration.
• Jan. 31. Using GDPR To Your Advantage To Drive Customer Centricity and Trust. 5 a.m. ET. Webinar by Cognizant. Free with registration.
• Feb. 4. BSides Huntsville. Solutions Complex building, Dynetics, 1004 Explorer Blvd., Huntsville, Alabama. Tickets: $10.
• Feb. 4. BSides Seattle. The Commons Mixer Building, 15255 NE 40th St., Redmond, Washington. Tickets: $15, plus $1.37 fee.
• Feb. 12-13. BSides San Francisco. DNA Lounge/SF BuzzWorks, 375 11th St., San Francisco. General Admission: $35; with electronic pass, $110.
• Feb. 13-17. RSA USA Conference. Moscone Center, San Francisco. Full Conference Pass: before Nov. 11, $1,695; before Jan. 14, $1,995; before Feb. 11, $2,395; after Feb. 10, $2,695.
• Feb. 21. Top Trends That Will Shape Your Cybersecurity Strategy in 2017. 11 a.m. ET. Webinar by vArmour, American University, TruSTAR and Cryptzone.
• Feb. 25. BSides NoVa. CIT Building, 2214 Rock Hill Rd.#600, Herndon, Virginia. Tickets: conference, $25; workshops, $10.
• Feb. 28. Key Steps to Implement & Maintain PCI DSS Compliance in 2017. 1 p.m. ET. Webinar by HPE Security.
• March 2. Enabling Trust Throughout the Customer Journey. 10 a.m. PT. Webinar by Iovation. Free with registration.
• March 28-31. Black Hat Asia. Marinia Bay Sands, Singapore. Registration: before Jan. 28, S$1,375; before March 25, S$1,850; after March 24, S$2,050.