I have been off from blogging for a while, this is because I partially stopped learning these stuffs. Now I thought I will begin again from the start as I found a new and Interesting website.Come join me as I walk though the tutorial provided by Portswigger . First we have to make an account, then go to the learn tab.There they provides XML external entity (XXE) injection SQL injection Cross-site scripting (XSS) OS command injection File path traversal (directory traversal) They are improving the courses.So lets start with sql injection. They have given a detailed material about it, even a video tutorial is provided What is SQL injection? It is a web vulnerability which allows an attacker to use SQL commands to retrieve unauthenticated data , Get admin privilege and other harmful acts. While we move along,There are vulnerability labs for testing what we have learned which is a very good feature.In blog lets try the first lab of SQLi. Retr