Saturday, 29 May 2021

JavaScript for Beginners PART-2



When we want to use any other code in HTML, we need to use the <script> tag. Inside this script tag, you write your JavaScript code.

Here I am using the Sublime Text editor, which is a famous text editor for programmers. I recommend working with Sublime Text so you can make programming easy.



To declare the JavaScript language, we define it inside the script tag as:
<script language="javascript" type="text/javascript">.

Now we are going to code our first program, "hello world", using the method document.write. This method is used to print any data type. In Python we use "print", in Java we use "System.out.print", in C++ we use "cout", and so on; in the same way, we use "document.write" to print a line in JavaScript.
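An added example (not part of the original post) that goes one step past hello world: document.write parses the string it receives as HTML, so if the name in the greeting ever comes from user input it has to be escaped first, otherwise it becomes the XSS bug described in this blog's glossary. The names escapeHtml, buildGreeting and renderAll, and the sample inputs, are assumptions made for this example.

```javascript
// Added example: escapeHtml, buildGreeting and renderAll are illustrative
// names chosen here, not code from the blog.

// The five characters that have special meaning in HTML markup.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Turn any value into text that the browser displays literally
// instead of parsing it as tags or attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup that is handed to document.write.
// Only the fixed <h1> wrapper is markup; the name is always escaped.
function buildGreeting(name) {
  return "<h1>hello world / " + escapeHtml(name) + "</h1>";
}

// Build one greeting per name.
function renderAll(names) {
  return names.map(buildGreeting);
}

// Constructed sample inputs: a plain name and one that contains markup.
const samples = ["F-leven", '<u>Bob</u> & "friends"'];

for (const markup of renderAll(samples)) {
  if (typeof document !== "undefined") {
    // In a browser, inside a <script> tag in the body, this prints the line.
    document.write(markup);
  } else {
    // Outside a browser (for example Node.js) show what would be written.
    console.log(markup);
  }
}
```

With the escaping in place the second sample is shown on the page exactly as typed; without it the browser would treat the `<u>` tag as part of the page.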

Now, you need to do the ToDo2:
Step1: Install any programming text editor, e.g. Sublime Text
Step2: Write a basic HTML code. 
Step3: Inside the body tag, display "hello world/Your Name" in the webpage by using javascript.
Step4: Get verified with me on Instagram.

Output:


Learn some JavaScript concepts from the book below.



JavaScript for Beginners



What is JavaScript?

  • JavaScript is a text-based programming language.
  • It is used on both the client side and the server side.
  • It allows you to make web pages interactive.
  • Where HTML and CSS are languages that give structure and style to web pages, JavaScript gives web pages interactive elements that engage a user.

Should You Learn JavaScript? Advice For Newbie Web Developers

If you want to become a web developer, you’ll be wondering what programming languages to learn. Not only that: You’ll want to know what languages you should focus on first.

You’ve no doubt heard that JavaScript is an important web technology, but perhaps you’re not sure if it’s all that relevant these days. With so many JavaScript frameworks out there providing ready-to-use code, is it really necessary to learn JavaScript from scratch?

In this guide, we’ll explore what JavaScript does and whether or not it’s still useful. We’ll then look at some of the main reasons for learning JavaScript, and consider why it’s necessary to learn plain JavaScript first, before libraries and frameworks.

1. What is JavaScript and what does it do?

Before you start learning something new, it’s important to understand exactly what it is and what it does. This is especially useful when it comes to mastering a new programming language.

In simple terms, JavaScript is a programming language used to make websites interactive. If you think about the basic makeup of a website, you have HTML, which describes and defines the basic content and structure of the website, then you have CSS, which tells the browser how this HTML content should be displayed—determining things like color and font. With just HTML and CSS, you have a website that looks good but doesn’t actually do much. JavaScript brings the website to life by adding functionality. JavaScript is responsible for elements that the user can interact with, such as drop-down menus, modal windows, and contact forms. It is also used to create things like animations, video players, and interactive maps.

Nowadays, JavaScript is an all-purpose programming language—meaning it runs across the entire software stack. The most popular application of JavaScript is on the client side (aka frontend), but since Node.js came on the scene, many people run JavaScript on the server side (aka backend) as well. When used on the client side, JavaScript code is read, interpreted, and executed in the user’s web browser. When used on the server side, it is run on a remote computer. You can learn more about the difference between frontend and backend programming here.

JavaScript isn’t only used to create websites. It can also be used to build browser-based games and, with the help of certain frameworks, mobile apps for different operating systems. The creation of new libraries and frameworks is also making it possible to build backend programs with JavaScript, such as web apps and server apps.

2. Is it still worth learning JavaScript in 2020?

The world of web development is constantly moving. With so many new tools popping up all the time, it can be extremely difficult to know where you should focus your efforts. As an aspiring developer, you’ll want to make sure that what you’re learning is still relevant in today’s industry.

If you’re having doubts about JavaScript, it’s important to know that, since its creation in 1995, JavaScript is pretty much everywhere on the web—and that’s not likely to change any time soon. According to the 2019 StackOverflow developer survey, JavaScript is the most commonly used programming language for the seventh year in a row. It is currently used by 94.5% of all websites and, despite originally being designed as a client-side language, JavaScript has now made its way to the server-side of websites (thanks to Node.js), mobile devices (thanks to React Native and Ionic) and desktop (courtesy of Electron).

As long as people are interacting with the web, you can assume that JavaScript is highly relevant—there’s no doubt that this is a language worth knowing! With that in mind, let’s look at some of the key benefits of becoming a JavaScript expert.

3. Why learn JavaScript?

The most obvious reason for learning JavaScript is if you have hopes of becoming a web developer. Even if you haven’t got your heart set on a tech career, being proficient in JavaScript will enable you to build websites from scratch—a pretty useful skill to have in today’s job market!

If you do want to become a web developer, here are some of the main reasons why you should learn JavaScript:

JavaScript experts are versatile

JavaScript is an extremely versatile language. Once you’ve mastered it, the possibilities are endless: you can code on the client-side (frontend) using Angular and on the server-side (backend) using Node.js. You can also develop web, mobile, and desktop apps using React, React Native, and Electron, and you can even get involved in machine learning.

If you want to become a frontend developer, JavaScript is a prerequisite. However, that’s not the only career path open to you as a JavaScript expert. Mastering this key programming language could see you go on to work in full-stack development, games development, information security software engineering, machine learning, and artificial intelligence—to name just a few!

Ultimately, if you want any kind of development or engineering career, proficiency in JavaScript is a must.

JavaScript experts are in-demand (and well-paid)

JavaScript is the most popular programming language in the world, so it’s no wonder that JavaScript is one of the most sought-after skills in the web development industry today.

According to the Devskiller Global Technical Hiring & Skills Report 2019, 70% of companies are looking to hire JavaScript experts. Enter the search term “JavaScript” on job site Indeed and you’ll find over 40,000 jobs requiring this skill (in the US). Run the same search on LinkedIn and the results are in excess of 125,000.

At the same time, the global demand for JavaScript seems to outweigh the expertise available on the market. According to this 2018 HackerRank report, 48% of employers worldwide need developers with JavaScript skills, while only 42% of student developers claim to be proficient in JavaScript.

Not only are JavaScript experts in demand—they are also well-paid. In the United States, JavaScript developers earn an average salary of $111,953 per year. We’ve covered this topic in more detail in our JavaScript salary guide, but as you can see, learning JavaScript can really boost your earning potential as a developer.

JavaScript is beginner-friendly

Compared to many other programming languages, JavaScript offers one of the more beginner-friendly entry points into the world of coding. The great thing about JavaScript is that it comes installed on every modern web browser—there’s no need to set up any kind of development environment, which means you can start coding with JavaScript right away!

Another advantage of learning JavaScript as your first programming language is that you get instant feedback; with a minimal amount of JavaScript code, you’ll immediately see visible results. There’s also a huge JavaScript community on sites like Stack Overflow, so you’ll find plenty of support as you learn.

Not only is JavaScript beginner-friendly; it will also set you up with some extremely valuable transferable skills. JavaScript supports object-oriented, functional, and imperative styles of programming—skills which can be transferred to any new language you might learn later on, such as Python, Java, or C++. JavaScript provides a crucial introduction to key principles and practices that you’ll take with you throughout your career as a developer.

4. Should you learn plain JavaScript first or can you skip to frameworks and libraries?

When deciding whether or not to learn JavaScript, what you’re really asking is whether or not you should learn “vanilla” JavaScript. Vanilla JavaScript just means plain JavaScript without any libraries or frameworks. Let’s explore what this means in more detail now.

What is meant by vanilla JavaScript, libraries, and frameworks?

If you research the term “vanilla JavaScript”, you might run into some confusion; however, all you need to know is that vanilla JavaScript is used to refer to native, standards-based, non-extended JavaScript. There is no difference between vanilla JavaScript and JavaScript—it’s just there to emphasize the usage of plain JavaScript without the use of libraries and frameworks.

So what are libraries and frameworks?

JavaScript libraries and frameworks both contain sets of prewritten, ready-to-use JavaScript code—but they’re not the same thing. You can think of a framework as your blueprint for building a website: it gives you a structure to work from, and contains ready-made components and tools that help you to build certain elements much quicker than if you were to code them from scratch. Some popular JavaScript frameworks include Angular, React, Vue, and Node.js.

Frameworks also contain libraries. Libraries are smaller than frameworks, and tend to be used for more specific cases. A JavaScript library contains sets of JavaScript code which can be called upon to implement certain functions and features. Let’s imagine you want to code a particular element into your website. You could write, say, ten lines of JavaScript from scratch—or you could take the condensed, ready-made version from your chosen JavaScript library. Some examples of JavaScript libraries include jQuery, Lodash, and Underscore.

The easiest way to understand how frameworks and libraries work together is to imagine you are building a house. The framework provides the foundation and the structure, while the library enables you to add in ready-made components (like furniture) rather than building your own from scratch.

You can learn more about the relationship between languages and libraries in this post explaining the main differences between JavaScript and jQuery. For now, let’s go back to our original question: How important is it to learn vanilla JavaScript?

Should you learn vanilla JavaScript first?

When it comes to learning JavaScript, it can be tempting to skip ahead to those time-saving frameworks and libraries we just talked about—and many developers do. However, there are many compelling arguments for learning plain JavaScript first.

While JavaScript frameworks may help you get the job done quicker, there’s only so far you can go if you don’t understand the core concepts behind these frameworks. Frontend developer Abhishek Nagekar describes how not learning vanilla JavaScript came back to bite him when he started learning the JavaScript frameworks Node and Express:

“As I went to write more and more code in Node and Express, I began to get stuck at even the tiniest problems. Suddenly, I was surrounded with words like callbacks, closures, event loop and prototype. It felt like I got a reintroduction to JavaScript, but this time, it was not a toddler playing in its cradle, it was something of a mysterious monster, challenging me on every other step for not having taken it seriously.”

5. What is the best way to start learning JavaScript?

So: if you want to become any kind of web developer, you absolutely need to learn JavaScript—and you should start with plain old vanilla JavaScript first.

The best way to start learning JavaScript is to get hands-on. Once you’ve read up on what JavaScript is and how it works, give it a go in your browser. If you’re using Google Chrome, just click “View” then select “Developer” from the drop-down menu. From there, select “JavaScript Console” and you’re good to go!

OK, enough case study; let's jump into the main work (Part 2).

Saturday, 22 May 2021

HTML for Beginners

 HTML - Hypertext Markup Language


HTML

HyperText Markup Language (HTML) is the set of markup symbols or codes inserted into a file intended for display on the Internet. The markup tells web browsers how to display a web page's words and images.
  • HTML stands for HyperText Markup Language.
  • HTML is the standard markup language for creating Web pages.
  • HTML describes the structure of a Web page and its elements tell the browser how to display the content.
  • An HTML file is saved with the '.html' extension.

HTML Element

An HTML element is defined by a start tag, some content, and an end tag:

<tagname>Some content</tagname>

Simple Document

Programming languages used in bug bounty



People nowadays are scared of the words "programming language". You guys are here to learn bug bounty as a professional. For that, you have to communicate with the computer, because only then will the computer respond to you. Programming languages are just languages like your own. If you need to do testing on a computer, you must learn some of these languages.

"If you want to exploit something, first you need to know, how to develop that thing"

In website testing, you need to know some programming languages as well as a scripting language.

These include front-end languages such as HTML and JavaScript, back-end languages such as PHP and ASP.NET, and scripting languages like Python, Ruby, Perl, and Bash.

Don't worry about learning all these languages, guys: I will cover all the needed languages in this blog, and you can go through them there. Happy learning!

Saturday, 15 May 2021

Basic knowledge about bug bounty


What is bug bounty?

A bug bounty, also called a vulnerability rewards program (VRP) or vulnerability disclosure program (VDP), is a reward given for reporting a security vulnerability. It is a great way for researchers to test their skills on different types of targets and get paid when they find security vulnerabilities.

Best Bug Bounty books for Beginners

If you can't learn from digital screens, don't worry: you can learn anything from books. Here are some bug bounty training books for beginners:

1. Ghost In The Wires: My Adventures as the World’s Most Wanted Hacker



Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies and no matter how fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. As the FBI's net finally began to tighten, Mitnick went on the run, engaging in an increasingly sophisticated game of hide-and-seek that escalated through false identities, a host of cities, and plenty of close shaves, to an ultimate showdown with the Feds, who would stop at nothing to bring him down.

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escapes -- and a portrait of a visionary who forced the authorities to rethink the way they pursued him and forced companies to rethink the way they protect their most sensitive information.

2. Web Hacking 101: How to Make Money Hacking Ethically

Web hacking 101 is an eBook that was developed by software security expert Peter Yaworski. His goal was to help the HackerOne community profit from their bug bounty hunting skills within a bug bounty program. Basically, this bug bounty tool will help you learn how to monetize your cybersecurity knowledge.

If you want to learn how to hack as a beginner for free, HackerOne makes this eBook available for free. Once you sign up or log into your free HackerOne account, you’ll receive the publication via email.

3. Bug Bounty Hunting Essentials: Quick-paced guide to help white-hat hackers get through bug bounty programs 

Bug bounty programs are initiatives adopted by companies as part of their vulnerability management strategy. This approach involves rewarding white-hat hackers for finding bugs in applications and other software vulnerabilities. The number of prominent organizations opting for this program has exponentially increased over time, creating more opportunities for ethical hackers. This book starts by introducing you to the concept of bug bounty hunting and its fundamentals. You'll then delve into vulnerabilities and analysis concepts, such as HTML injection and CRLF injection, which will help you understand these attacks and be able to secure an organization from them. Toward later chapters, you'll gain practical knowledge of working with different tools for bug hunting. Finally, you'll explore a variety of blogs and communities you need to follow to further build on your skills. By the end of this book, you will have developed the pentesting skills you need to become a successful bug bounty hunter. 

Do we need any programming knowledge for bug bounty?

The answer is yes and no. Don't get confused, guys; I will tell you why. First, we will see why we need coding knowledge in bug hunting. If you want to develop a career in bug hunting, you should know how to develop in some important web-based programming languages like HTML, JavaScript, PHP, and ASP.NET, and you also need to know some scripting languages like Python, Ruby, Perl, and Bash. Otherwise, you will face problems and you will not know how to manipulate code. Next, we will see why the answer is also no. If you are a beginner in this field, you need not worry about programming knowledge, but you do need basic computer operating knowledge. If you don't have much programming knowledge but still need to find bugs, developers have a special tool for you called "PVS-Studio Analyzer".




Programmers use this tool to catch errors that they left unchecked while programming. Bug hunters can benefit from it too: it helps with automated testing rather than manual testing. Because it is an automation tool it is paid, so you have to buy it or else use the free trial.



 

 

Tuesday, 11 May 2021

Abbreviations and terminologies used in Bug hunting



1. Bug bounty - Also called a vulnerability rewards program (VRP) or vulnerability disclosure program (VDP); a reward given for reporting a security vulnerability.

2. Bug bounty program - Individuals or companies that reward security researchers for reporting security vulnerabilities in their products or any other digital services.

3. Enumeration - Enumeration is nothing but the information that you have gathered from a particular target.

4. POC - (proof of concept), A brief explanation of a vulnerability via test, screenshot, and video.

5. Target - Setting up a particular domain or task for finding the vulnerability.

6. Duplicate - A vulnerability already reported by someone else for the same target.

7. Scope - The organization decides where a researcher is allowed to test and what type of testing is permitted.

8. Full disclosure - When the entire report is publicly disclosed. Bug bounty hunters will usually request public disclosure of their report once the vulnerability has been resolved by the particular company or organization.

9. Partial disclosure - When a report is publicly disclosed, but certain details are manipulated.

10. BAC - (Broken access control), when an application does not restrict user permissions for access to administrative functionality. This may include viewing of unauthorized content, and it can lead to application takeover.

11. CVE - (Common Vulnerabilities and Exposures), a system of publicly known cybersecurity vulnerabilities, mostly found in openly released software.

12. CVSS - (Common vulnerability scoring system), a free and open industry standard for rating the severity of security vulnerabilities.

13. CSRF - (Cross-site request forgery), also known as a one-click attack. A CSRF bug is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

14. CWE - (Common weakness enumeration), There are currently over 600 categories, ranging from buffer overflows and cross-site scripting to insecure random numbers.

15. CVSS - (Common vulnerability scoring system), CVSS is a free and open industry standard for evaluating the severity of security vulnerabilities. CVSS attempts to assign scores to vulnerabilities, enabling responders to prioritize responses and resources according to the severity.  

16. XSS - (Cross-site scripting), Commonly found in web applications, XSS enables attackers to inject client-side scripts into web pages viewed by other users.

17. CSS - (Crowdsourced security), CSS is an established security approach wherein plenty of ethical hackers are incentivized to search for and report vulnerabilities in the assets of a given organization, with the full understanding and awareness of the organization in question.

18. Email Spoofing - Email spoofing is the forgery of an email header so that the message seems to have originated from someone or somewhere other than the original source. Email spoofing is a tactic used in phishing and spam attacks because people are more likely to open an email when they think it has been sent by a genuine source. The goal of email spoofing is to get receivers to open, and possibly even respond to, a solicitation.

19. Payout - The money paid to a researcher (or, in our terms, a bug hunter) once their vulnerability submission has been validated/approved.

20. Private Programs - Organizations or companies send a request to find bugs to an individual or group of bug hunters or researchers based on their participation and points.

21. Points - Points are awarded to researchers or bug hunters for their submissions; they build status and are used to rank the leaderboard. Points are also used to get more private programs.

Friday, 7 May 2021

How to get started with bug bounty?




How do I get started in bug bounty? Where do I start? What is the best time to start? What lab setup do I need? These are common questions nowadays, and I will help you with them. The first thing is to focus less on money and more on learning.

Disclaimer:

I have to tell you one thing: don't focus on just completing the blog or the content that I have written. My advice is to understand each line and methodology that I have written. So make sure that you have understood every tool, theory, methodology, and the other things that I have used in this blog. Also, use a desktop computer to read this blog.

Prerequisites:

I will tell you some important prerequisites for getting started with a bug bounty.

  1. Good Laptop or Desktop
  2. Balanced Internet
  3. Basic computer knowledge like software installing, Notepad, and Web searching
  4. E-mail ID
  5. Mainly Interest
Make sure that you have all these prerequisites; if not, just read up on things for now and get started once you have them all.

Lessons you will learn from this blog:

  1. Abbreviations and terminologies used in Bug hunting
  2. Basics of web language like HTML, CSS, and Javascript
  3. Proxy
  4. Protocols
  5. Port numbers
  6. HTTP status code
  7. Headers
  8. Basics of network security
  9. Different encoding mechanisms
  10. Basics of cryptography
  11. Same-Origin Policy (SOP)
  12. Cross-Origin Resource Sharing
  13. Session management
  14. Different ways of identifying a user
  15. Cookies
  16. Authentication headers
  17. Basic knowledge about how session IDs are issued
  18. Google dorks & How to find bugs with Google dorks?
  19. Burp suite & other web testing tools 
  20. Various types of bugs, the priority of the bugs, and average bounty based on the priority of bugs
  21. Report writing and POC Video editing 
  22. Analyze the best report writing and find the bounty methodology
  23. Github and How hackers are using GitHub
  24. And more

Bugs we will cover:
  1. Email spoofing
  2. Clickjacking 
  3. Cross-site scripting(XSS)
  4. Open redirection 
  5. Insecure Direct Object References (IDOR)
  6. Cross-Site Request Forgery (CSRF) 
  7. Server-Side Request Forgery (SSRF) 
  8. SQL Injection 
  9. Deserialization issues
  10. Remote Code Execution (RCE) 
  11. Race Conditions
  12. Broken Access Control
  13. And more

Others:

  1. Find Bugs using dorks and report it
  2. HackerOne and Bugcrowd bug finding methodology
  3. Automotive bug identification methodology
  4. And more
So let's jump into our learning process. Stay with me, guys; I will take you into the bug hunting world.











Thursday, 6 May 2021

My journey of bug bounty
Who am I?
    I am F-leven. I am a bug hunter, web developer, and ethical hacker. I started my bug hunting journey 4 years ago. I have learned a lot of tips and tricks during this time, so I would like to share my experiences with you guys. When I started out, I actually didn't know what a bug bounty was. But I had a craze for doing things like hacking, testing, and finding vulnerabilities, because I was a computer student when I was 16. I used to download many files like cracked games, software, and other pirated software. By downloading these types of files, I got infected by a virus. At that time I was scared because my laptop was new: if anything happened I would need to repair it, it would cost a huge amount of money, I would lose my important files and photos, and I would need to reboot it. So I decided not to play games, not to download pirated software, and not to visit unsecured websites.

After some days I needed to download pirated software for work and college purposes. Then I decided to download the pirated software, but using virtual machines. By using virtual machines we don't need to be scared about any virus or any unsecured things. Then I learned about Linux and how secure it is. So I virtualized Ubuntu and frequently used Ubuntu as my regular operating system because of its good-looking and neat user interface. Then I learned some of the basic Linux commands and how to use Linux better. After some days, when I used Linux in my college, my friends would ask, "Are you a hacker?" This question made me dive into the cybersecurity field. So now I would like to thank the pirated software, virtual machines, Ubuntu, and some of the viruses. I call these my mentors or motivators.😂 I have learned a lot from these things, like how to delete viruses and how to scan files that contain viruses or other backdoors. When I played high-end games like GTA 5 or Watchdogs, my computer would die or pop up a blue screen in the middle of the game. From this, I learned to repair the blue screen error, how to boot the operating system, and some other repair stuff.

After some days I got curious to learn bug bounty when I heard about the bug bounty program. I researched it and got passionate about it, because it is like a game: when we find any bugs in a particular company we get "mission passed +$5000", just like in video games. So I decided to learn bug hunting, and for that I bought an online course, "Learn bug bounty in 10 days"; each day had a 1 hr live session. But I couldn't get much knowledge from that. So I decided to search "out of the box": I studied various blogs, articles, YouTube videos, courses by mentors, tools, bug bounty platforms, and some other websites for bug hunting methodology (the company that developed Burp Suite) for practical training. I will share all these resources and everything else that I have learned with you in this blog, so you will benefit from this blog, and you can also ask me any queries related to my blog contents. I will make sure that you get the maximum amount of information related to bug hunting. You can also use the forum to ask about doubts regarding bug hunting. Also, don't forget to subscribe to this blog so that you will not miss the updates.


Let us stay motivated, guys. I will share with you the entire knowledge that I have learned during my bug hunting journey. I don't want to waste your time, so let's start with new lessons.