Enable mobile template for better seo

The success of a blog or website is its visitors so it's the responsibility of the blogger to develop a good platform which is comfortable for the readers to read on their devices. The desktop template will not help the readers to comfortably read contents on their phones for that mobile template is necessary. Having both desktop and mobile template for a blog or website is now marked as an SEO measure. On the resend update Google give more importance to sites having mobile-friendly. Another spectacular feature of the mobile view is it reduces loading time and size of the pages. About 80% of the web traffic is from mobile phones than desktop so making requirement arrangements for the visitors to access contents is an important thing. Search engine give more preference to websites with a mobile template to the audience when the search occurs from mobiles.  In blogger, it's very easy very to setup mobile template, Just goto template tab and you will see the mobile customise option. In other blogging platforms also things are like this there is no need web coding is necessary just need to enable and customize it. As sites mobile-friendliness is now considered as a SEO factor enabling mobile template is now marked as necessary step by many of the SEO stats checking tools.

So having mobile view will increase SEO scores and also increase rank in the blog directories depending on blog SEO which also sometimes helps in getting visitors.

Even though it's not a good idea but many sites just use a lite template or mobile template the advantages of this is it will reduce loading time and has less page size. The demerit is just poor in graphics and not much attractive to satisfy visitors. Bloggers need to think about the visitors who came to our site for reading contents and so need to make blog good for reading and make an impression in the mind of the visitors to bookmark for future reference. So having a mobile site alone is also a not preferable thing but having both desktop and mobile site will lead to increase traffic as well as SEO score.

Things to watchout when using Facebook apps

There are many things we need to care when we use an application on Facebook. Because to run a Facebook application we are giving some rights to the app to access. In most cases, users don’t give much time for reading the permissions that the app requires. The permission also has the right to make post behalf of you. Some applications are built for connecting the Facebook account with websites and some will post behalf of you, create an album, create funny photos etc. Many apps are just building for spam purposes. I found a Facebook application which tells valentine mate of the user using the friend list of the users. The worst part of this app is that it posts photo by the name of the user in the entire group in which he/she is a member. It is not easy for a user to remove all the posts that posted on behalf of him/her in the groups. Just ignoring permission in the app requires is the reason behind this trap that is giving permission to the app to post behalf of the user. So it’s very important that one should have to read all the necessary details before accepting a Facebook application. Just give permission to the apps that you trust. When accepting an application it can even access to the friend list, email address etc of the users even though the user set the privacy as only me. So accepting a not trusted application will cost you a big loss. If you feel that you jumped into a trap of Facebook application simply remove the application from the app list.

How to remove Facebook application

1) Go to Settings
2) Click Apps--->Logged in with Facebook
3) Select an app
4) Click Remove app which is present bottom.

You can also see the app permission above the remove button. When you log in with the help of a Facebook application your privacy is under question unless it is a trusted application. Some Facebook applications are very helpful to do some activities quickly or making some funny photos on behalf of us etc but need to check that is there is any bad intention is there behind the application or not. Nowadays spamming with the Facebook application is increasing day by day as a result of it more victims are falling into the trap. So need to be careful next when you give permission to a Facebook application.

How to test Cross Site Tracing

Cross site tracing is a type of web application vulnerability which results in cross site scripting with http TRACE method. TRACE is a http requesting method which simply echoes back whatever the user send to the server. If a website respond to TRACE request then we can confirm that it is vulnerable to cross site tracing shortly called XST. It's very easy to test cross site tracing, you can test it with burp suite repeater, OWASP ZAP request tab or you can use curl  command in command prompt. This vulnerability is easy to find out and probably for the beginners to try out for to get start into ethical hacking

Testing method:- Just open your command prompt (cmd) or MS DOS. Remember curl need to be downloaded and installed manually for using curl command ( for beginners).  Just type the command curl -X TRACE url . For example curl -X TRACE google.com for testing whether Google accept HTTP TRACE method. In penetration testing software's like burp suite, ZAP you just need to send a request like TRACE url.  Example TRACE google.com.In the below image you can see the request that I made and response that I got.

Test result:- If the web application doesn't accept HTTP TRACE method then you will get an http status code 405 or 301 in the response or output. If the response gives a http status code 200 then it is vulnerable to cross site tracing ( xst ) and with that possibility cross site scripting ( xss ) is possible.

How internet communication is secured through HTTPS

Man in the middle attack is shortly called MITM. This is a hacking method used by hackers to leak information’s that was transferred between client and server. Man in the middle is possible if and only if the communication is done through HTTP protocol. The reason is this protocol transfer information I'm plain text that makes a hacker or an attacker leak information that was transferred between client and server by making a connection between them. This is widely used in LAN, as it is very easy to make a connection in the local area network. The security problem that occurs with the HTTP led to the coining of https it's similar to HTTP for transferring web pages and allows web browsing. But there is a security step was made to protect from information leakage. Through https when transferring information it will do an encryption process and change the information to some codes that can be decrypted if and only if the man in the middle attacker has the decryption key which is impossible to get. Encryption and decryption process is done by the client browser. So client and server will get the actual message that transferred. If you look at some of the websites like Facebook, PayPal, Google etc was loading in https.

By default HTTP use port 80 and https use port 443, compared to https HTTP was the fastest I'm loading that's why HTTP is used I'm blogging sites and website homepage. By default web browsers make connection with HTTP so https connection is not possible unless the client to enter the entire URL in https for example: if the client entered domain.com in the URL box and click go then the link that load will be like http://www.domain.com but in order to make connection in https the client need to enter https://www.domain.com which in most case the clients will not do so that a new security step has been taken to avoid this problem that is HSTS widely called as HTTP strict transport security feature this makes the web browser to understand that the connection to the site need to be I'm https. The developer can set up an age to the HSTS at that much time the web browser will remember the connection is in https only. This security step makes impossible for the hackers to leak information through a man in the middle as the connection is completely in https. Make sure that the site is in https when you provide payment details and other private information to a web server. This will make your privacy is safe.