
Biography : Zakir Naik

Zakir Naik

Zakir Abdul Karim Naik is an Indian public speaker on the subject of Islam and comparative religion. He is the founder and president of the Islamic Research Foundation. He is sometimes referred to as a televangelist because of his work at Peace TV.

Born: October 18, 1965 (age 48), Mumbai, India

Spouse: Farhat Naik

Education: Topiwala National Medical College and Nair Hospital, Kishinchand Chellaram College, University of Mumbai

Nationality: British, Indian

Few Books of Zakir Naik
Chad and Quran
Hinduism and Islam
All Books of Zakir Naik
Article and Tutorial

Online Marketing Strategies for a Tight Budget

1. Get endorsed by a local celebrity.
Many business owners dream of having their product or service endorsed by a global celebrity. But instead of trying to get a superstar to support your business, try seeking out a local celebrity instead.

Who exactly are local celebrities? These are people your local paper is writing about -- perhaps an "unsung hero" such as a teacher or a resident who's doing something positive and newsworthy. Since they're in your neighborhood, these people should be relatively easy to locate and contact by phone or e-mail. Let them know you'd like to send them a gift, namely your product or service.

The only catch: you'd like to follow up with them in a few days to get their honest feedback. Their responses can make for useful blog or marketing content.

2. Create a LinkedIn group.
Not only is a LinkedIn group free to create, it can enable you to offer your professional network a vibrant, useful information resource all while driving traffic to your site and increasing sales. Just don't use the platform to hard sell anyone.

It can take time and effort to get one going, but the goal should be to help provide resources and start discussions on topics that can benefit your community. Groups should also be a place for your members to network with other professionals online.

3. Get published on niche blogs.
While it may be difficult to get on the front cover of a major magazine, you can create marketing opportunities by being featured in a popular niche blog. Identify three to five blogs that target your market then contact the creator and offer a few ideas of how you'd like to bring value to his or her readers. You can:

• Demonstrate good will by offering the niche blog owner a small amount of your product or service for free, which they can give away to their audience as a gift. This is different than a product review, which only offers information.
• Send ideas for blog posts you'd like to write and explain why they would be helpful for their readers.
• Ask if you can interview them for your site. This might entice the blog manager to promote your content since it highlights his or her business.

4. Create videos for YouTube.
With more than 800 million unique visitors a month, YouTube can be a powerful platform for marketing a business online. To do so, go beyond simply posting random videos of your product or sharing your thoughts.

The marketing videos you create should include the following elements:
• A keyword-researched headline
• A clear editorial message (don't try to accomplish too much in one video)
• A call to action (tell the viewer to do something, such as subscribing to your channel)

While you can spend a small fortune on cameras, lighting equipment and editing software, the camera built into your smartphone should be able to capture suitable online video. As for editing, if you're on a Mac, for instance, you should already have iMovie in your applications. Even if you don't have a Mac you can find free software online or hire a professional editor on sites such as, possibly for as little as $5 depending on the scope of the work.

5. Facebook Ads
It’s no secret that Facebook advertising has taken a lot of heat lately. This baffles me. At ZAGG, we run some fairly aggressive Facebook ad campaigns and we typically see greater than 100% ROI.

The beauty of Facebook ads is unmatched targeting. Have a product that is perfect for an 18-24 year-old male with an iPhone who lives in Denver and ‘Likes’ SportsCenter (by the way, there are just over 3,000 of them)? Facebook will find him and, with a decent ad, you’ll get the clicks from the ultimate potential customer.

The one aspect of Facebook ads to be aware of is ad fatigue. As you’re targeting a very specific group of people, it’s likely that they will see your ad repeatedly. Upload new ads frequently to keep the messaging fresh.

Back to our Miami Heat iPhone skin… With Facebook ads, I know I want to show my ads to iPhone users who ‘Like’ the Heat and its players.

So under the “Broad Categories” setting I’ll select Mobile and iPhone. Then using “Precise Interests,” I’ll build a group of people who ‘Like’ The Heat, LeBron James, Dwayne Wade, Chris Bosh, and so on until I have my perfect target market. If I wanted to narrow it down even more, I’d limit the ad so it only shows to people in or around Miami. When I’m done, I know my ad will only be shown to and clicked by people who are most likely to buy.

6. Email Marketing
Email is the most underappreciated marketing channel. Everyone likes to talk about the sexiness and adventure of social media, but it’s email that truly has the most money-making potential. If Facebook was the email killer, it’d have killed email by now.

It wasn’t until early 2010 that ZAGG started dedicating time and resources to email marketing. From April 2010 to December 2010, we tripled the size of our email list. In 2011, we increased the size by about another 50%. In 2012 our list size continues to surge.

How has the increase in list size translated to revenue? After only seeing a 12% growth in web sales from 2008-2009, sales increased 66% in 2010 and 71% in 2011. Obviously, building our email list isn’t the only thing we’ve done in that time, but it has been at the center of our internet marketing strategy.

Organizations should focus on email before anything else. Once you have a decent email list built up, leverage that base to build a social media following.
If they subscribe to your emails, they’re literally waiting for you to send them something awesome. If you have a product or service that people are excited about, they will open your emails. If you’re decent at email, people will open their wallets.

7. Submit Your Site to Trade Organization Sites and Specialized Directories.
Some directories focus on particular industries, such as education or finance. You probably belong to various trade associations that feature member directories. Ask for a link. Even if you have to pay something for a link from the organization, it may help boost your PageRank.

Marginal directories, however, come and go very quickly, making it hard to keep up, so don’t try to be exhaustive here. Beware of directories that solicit you for “upgraded listings.” Unless a directory is widely used in your field, a premium ad is a waste of money — but the (free) link itself will help boost your PageRank and hence your search engine ranking.

SubmitWolf is a directory submission tool I’ve used with good success. You complete a listing form in the software interface. Then they submit your listing to all the appropriate directories they know of, plus links to sites that require manual submission. It’s a timesaver and works well. Just be careful to submit only to actual directories, not “linking sites.”

8. Create a multi-faceted Internet marketing strategy.
In order to increase your brand recognition you should launch several marketing campaigns at once. The following are marketing strategies that you should look at starting within a few weeks of each other:

• Create social media accounts and assign someone to launch interesting material every day. In order to attract followers, social media accounts and blogs must be consistently updated.

• Create or pay someone to write SEO articles. Articles that mention popular keywords related to your product, but also offer tips or advice, are a great way to introduce people to your product. They also help your website to show up on the first pages of an Internet search. Do not scrimp on the money you spend for SEO articles; Google has created a way to list top quality articles first.

• Collect or buy email lists. People who have stores have most likely collected emails throughout the years, which can be used for email blasts. If you do not have any emails, you can buy them from marketing companies or neighboring markets. Send an initial blast and monthly blasts updating your customers on new products.

• Create videos of people using your product, how-tos or people vouching for your product. You can launch these videos via your website, YouTube, Vimeo, Facebook or other places in order to draw interest to your website.

• Buy ads on sites that cater to your market. Communicate your brand image, videos or other product info on banner ads. If you don't have the skills to craft a well-designed ad, hire a graphic designer to create a good ad.

9. Include Your URL on Stationery, Cards, and Literature.
Make sure that all business cards, stationery, brochures, and literature contain your company’s URL. And see that your printer gets the URL syntax correct. In print, I recommend leaving off the “http://” part and including only the portion.

10. Promote using traditional media.
Don’t discontinue print advertising that you’ve found effective. But be sure to include your URL in any display or classified ads you purchase in trade journals, newspapers, yellow pages, etc. View your website as an information adjunct to the ad. Use a two-step approach: (1) capture readers’ attention with the ad, (2) then refer them to a URL where they can obtain more information and perhaps place an order. Look carefully at small display or classified ads in the back of narrowly targeted magazines or trade periodicals. Sometimes these ads are more targeted, more effective, and less expensive than online advertising. Consider other traditional media to drive people to your site, such as direct mail, classifieds, post cards, etc. TV can be used to promote websites, especially in a local market.

11. Develop a Free Service.
It’s boring to invite people, “Come to our site and learn about our business.” It’s quite another to say “Use the free kitchen remodeling calculator available exclusively on our site.” Make no mistake, it’s expensive in time and energy to develop free resources, but it is very rewarding in increased traffic to your site — and a motivation to link to the site! Make sure that your free service is closely related to what you are selling so the visitors you attract will be good prospects for your business. Give visitors multiple opportunities and links to cross over to the sales portion of your site.

12. Install a “Signature” in your Email Program
Install a “Signature” in your Email Program to help potential customers get in touch with you. Most email programs allow you to designate a “signature” to appear at the end of each message you send. Limit it to 6 to 8 lines: Company name, address, phone number, URL, email address, and a one-phrase description of your unique business offering. Look for examples on email messages sent to you.

13. Announce a Contest.
People like getting something free. If you publicize a contest or drawing available on your site, you’ll generate more traffic than normal. Make sure your sweepstakes rules are legal in all states and countries you are targeting. Prizes should be designed to attract individuals who fit a demographic profile describing your best customers.

14. Purchase Pay Per Click (PPC)
Purchase Pay Per Click (PPC) ads with Google AdWords, Yahoo! Search Marketing, or Microsoft adCenter. This strategy is way down the list, but it is vitally important. Most Internet businesses will want to explore using Google AdWords to drive targeted traffic to their websites.

These PPC ads appear on the search engine results page, typically both above and to the right of the organic or natural search engine results. Since they are keyword-driven, they can be quite relevant to what a searcher is trying to find. Your ranking in this list of paid text ads is determined by (1) how much you have bid for a particular search word compared to other businesses, (2) the click-through rate on your ad, and (3) your Quality Score, which reflects the relevancy and quality of your ad and the landing page it points to.

PPC ads can be a cost-effective way to get targeted traffic, since you only pay when someone actually clicks on the link. But I strongly recommend that you study this carefully and expect a learning curve before you invest large sums of money in PPC advertising. You can find articles on Paid Search on our site.

15. Window display or office front
The external presentation of your business office or shop is one of the principal ways of establishing your business image. An attractive, well maintained exterior with clear, bold sign writing is an essential start. Windows should be bright, attractively presented, scrupulously clean and well lit at night. The display should be arranged neatly and aimed at projecting an attractive company image and providing a reason to buy your products or services. Above all it should have sufficient impact to attract attention.

16. Customer Referral Incentive Program
The customer referral incentive program is a way to encourage current customers to refer new customers to your store. Free products, big discounts and cash rewards are some of the incentives you can use. This is a promotional strategy that leverages your customer base as a sales force.

17. Causes and Charity
Promoting your products while supporting a cause can be an effective promotional strategy. Giving customers a sense of being a part of something larger simply by using products they might use anyway creates a win/win situation. You get the customers and the socially conscious image; customers get a product they can use and the sense of helping a cause. One way to do this is to give a percentage of product profit to the cause your company has committed to helping.

18. Branded Promotional Gifts
Giving away functional branded gifts can be a more effective promotional move than handing out simple business cards. Put your business card on a magnet, ink pen or key chain. These are gifts you can give your customers that they may use, which keeps your business in plain sight rather than in the trash or in a drawer with other business cards the customer may not look at.

19. Listen. Tweet. Listen. Listen Again.
Identify your ideal clients and find them on Twitter. Then start following them! Spend weeks listening to them; you’ll be amazed what they will tell you about their concerns, their ideal products, their current frustrations with their vendors. It’s a great way to get open honest market research.

Get a Twitter account in your business name. Post links to your articles educating people in your niche market. At the bottom of the article have links to your products & services. Also offer discount coupon codes to Twitter members. This has worked very well for me.

20. Inspire Customers To Call You
Do something really different. Send a monthly postcard instead of a hard copy newsletter. Self-printed cost is $0.46 ea. including the stamp. Make it fun and colorful with a strong “Call to Action” title, like: “100 reasons to call us.” List 10-to-20 reasons, including your skills, talents, and tasks. Give customers a coupon for a discount, or a free doughnut, or something fun to inspire them to call.

21. Be Generous
To keep customers loyal to you, instead of a frequent buyer program, send your customers small “surprise” gifts. Customers come to expect rewards when they are members of a program. Surprises always work to instill loyalty and retention.

Don’t make the mistake of thinking that promotional items are only for conferences and tradeshows. When given out with (or in place of) a business card at a lunch, a meeting or in passing, small promotional items become a gift. People expect free stuff at conferences, they don’t expect gifts. Keep a small, branded (and useful) item with you. You can be sure they’ll remember you. They don’t have to be expensive. Tip calculator cards, tea bags, pens and pads, small flashlights or things very target specific to your industry, like small packets of flower seeds for a gardener or landscaper with their contact information on it.

Donate several of your products or services to a non-profit organization that is sponsoring a live auction and the proceeds will be donated to the charity. Your store name will be displayed on the products for the duration of the event and the donation is tax deductible. Plus, you’ll be helping others.


Vulnerabilities & Concepts

Vulnerability Types

Cross Site Scripting (XSS)

This vulnerability allows data to be injected into webpages. This data is then interpreted as code and executed by the viewer's web browser, which can effectively be seen as remote controlling a victim's browser.

Cross Site Request Forgery (CSRF)

CSRF refers to a type of exploit in which the victim's browser is tricked into triggering an authenticated action inside a vulnerable web application. The target website can be affected by CSRF regardless of whether it is susceptible to XSS. How dangerous CSRF can be depends on the kind of action triggered this way and its impact.

SQL Injection

SQL injection attacks lead to the manipulation of SQL queries. Vulnerable applications allow dynamically built SQL queries to contain unfiltered or improperly sanitised user input. If exploited successfully an attacker can gain access to all data in the database as well as modify data, limited only by the access level of the database user.

Insecure Session Handling

This category covers problems enabling attackers to access or manipulate a session token in order to control or take over a session.

Session Fixation

Session Fixation allows an attacker to control the session of a user. This is done by injecting a known token to be used as a valid session token.

Information Disclosure

As the name suggests, security related information is being divulged by the target system, which may simplify an attack. Such information can be found in various places, e.g. code comments, directory listings, error messages or even in search results of your favourite search engine.

Header Injection

This vulnerability allows HTTP headers to be injected into an HTTP response.

File Inclusion

The inclusion of local or remote files into a web application is a serious security vulnerability, which may lead to arbitrary code execution on the server.

Insecure Configuration

Misconfiguration of server or application software may facilitate or simplify attacks.

Weak randomness

This problem refers to predictable random number generation; e.g. badly chosen random seeds or algorithms using insufficient entropy are known to generate weak random numbers.


Secure Input Handling

Input filters and validators can be used to scan user input for specific patterns known to trigger unwanted side effects in web applications. User input can contain fragments of JavaScript, SQL, PHP or other code which – if unfiltered – could then lead to code execution within the context of the web application.


Sanitising functions can be used to “repair” user input, according to the application's restrictions (e.g. specific datatypes, maximum length) instead of rejecting potentially dangerous input entirely. In general, the use of sanitising functions is not encouraged, because certain kinds and combinations of sanitising filters may have security implications of their own. In addition, the automatic correction of typos could render the input syntactically or semantically incorrect.


There are several different kinds of escaping:

- The backslash prefix “\” defines a meta character within strings. For example: \t is a tab, \n is a newline character, … This can be of particular interest for functions where the newline character has a special purpose, e.g. header(). Within regular expressions the backslash is used to escape special characters, such as \. or \*, which is relevant for all functions handling regular expressions.

- HTML encoding translates characters normally interpreted by the web browser as HTML into their encoded equivalents – e.g. < is &lt; or &#60; or &#x3c; and > is &gt; or &#62; or &#x3e;. HTML encoding should be used for output handling, where user input should be reflected in HTML without injecting code. (See also: htmlentities())

- URL encoding makes sure that every character not allowed within URLs, according to RFC 1738, is properly encoded. E.g. space converts to + or %20 and < is %3C. This escaping is relevant for functions handling URLs, such as urlencode() and urldecode().


There are two different approaches to filtering input data – whitelisting and blacklisting. Blacklisting checks input data against a list of “bad patterns”. This way, unwanted input can be discarded and all other content can be processed further. On the other hand, whitelisting checks input data against a list of known “good patterns”. All unmatched input can be discarded and only input recognised as valid is accepted.

In the real world whitelisting turned out to be far more resistant to security vulnerabilities than blacklisting, since it is usually a lot easier to specify the narrow set of valid patterns for the whitelist than to exclude every invalid input with a blacklist. In particular, whitelisting should be used for input directly controlling the program flow, e.g. for include statements or eval().
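The difference between the two approaches for an include statement, as an added example that is not part of the original page. The page names, file paths and sample inputs are hypothetical, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example. Page names and file paths are hypothetical.

// Blacklist: reject input that contains a known "bad pattern".
function resolve_page_blacklist(string $page): ?string
{
    foreach (['../', "\0", 'http://'] as $bad) {
        if (strpos($page, $bad) !== false) {
            return null;
        }
    }
    // Anything the list did not anticipate still reaches the file system.
    return 'pages/' . $page . '.php';
}

// Whitelist: the input only selects an entry from a fixed map and is
// never used to build the path itself.
const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

function resolve_page_whitelist($page): ?string
{
    // Request values can be arrays (?page[]=x), so check the type first.
    if (!is_string($page)) {
        return null;
    }
    return PAGES[$page] ?? null;
}

// Constructed sample inputs: one valid name, one pattern the blacklist
// knows, and two variants it does not (backslash, upper-case scheme).
$samples = ['home', '../config', '..\\config', 'HTTP://example.invalid/x'];
foreach ($samples as $s) {
    printf(
        "%-28s blacklist: %-38s whitelist: %s\n",
        var_export($s, true),
        var_export(resolve_page_blacklist($s), true),
        var_export(resolve_page_whitelist($s), true)
    );
}

// Usage with include: only a path taken from the whitelist is included.
// $file = resolve_page_whitelist($_GET['page'] ?? 'home');
// if ($file === null) { http_response_code(404); exit; }
// include $file;
```

The blacklist returns a path for the last two samples, while the whitelist returns NULL for everything except 'home'.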

Security Related PHP Functions

Validation and Sanitising Functions


The PHP core provides a few functions suitable for sanitising:

is_numeric() Checks a variable for numeric content.

is_array() Checks if a variable is an array.

strlen() Returns a string's length.

strip_tags() Removes HTML and PHP tags. Warning: As long as certain HTML tags remain, JavaScript can be injected along with tag attributes.

CType Extension

By default, PHP comes with the CType extension activated. Each of the following functions checks if all characters of a string fall under the described group of characters:

ctype_alnum() alphanumeric characters – A-Z, a-z, 0-9

ctype_alpha() alphabetic characters – A-Z, a-z

ctype_cntrl() control characters – e.g. tab, line feed

ctype_digit() numerical characters – 0-9

ctype_graph() characters creating visible output e.g. no whitespace

ctype_lower() lowercase letters – a-z

ctype_print() printable characters

ctype_punct() punctuation characters – printable characters, but not digits, letters or whitespace, e.g. .,!?:;*&$

ctype_space() whitespace characters – e.g. newline, tab

ctype_upper() uppercase characters – A-Z

ctype_xdigit() hexadecimal digits – 0-9, a-f, A-F


if (!ctype_print($_GET['var'])) {
    // Reject input that contains control or other non-printable characters
    die("User input contains non-printable characters");
}


Filter Extension – ext/filter

Starting with PHP 5.2.0 the filter extension has provided a simple API for input validation and input filtering.

filter_input() Retrieves the value of any GET, POST, COOKIE, ENV or SERVER variable and applies the specified filter.

<?php $url = filter_input(INPUT_GET, 'url', FILTER_VALIDATE_URL); ?>

filter_var() Filters a variable with the specified filter.

<?php $url = filter_var($var, FILTER_VALIDATE_URL); ?>

List of Filters

Validation Filters

FILTER_VALIDATE_INT Checks whether the input is an integer numeric value.

FILTER_VALIDATE_BOOLEAN Checks whether the input is a boolean value.

FILTER_VALIDATE_FLOAT Checks whether the input is a floating point number.

FILTER_VALIDATE_REGEXP Checks the input against a regular expression.

FILTER_VALIDATE_URL Checks whether the input is a URL.

FILTER_VALIDATE_EMAIL Checks whether the input is a valid email address.

FILTER_VALIDATE_IP Checks whether the input is a valid IPv4 or IPv6 address.

Sanitising Filters

FILTER_SANITIZE_STRING / FILTER_SANITIZE_STRIPPED Strips and HTML-encodes characters according to flags and applies strip_tags().


FILTER_SANITIZE_SPECIAL_CHARS Encodes ' " < > & \0 and optionally all characters > chr(127) into numeric HTML entities.

FILTER_SANITIZE_EMAIL Removes all characters not commonly used in an email address.

FILTER_SANITIZE_URL Removes all characters not allowed in URLs.

FILTER_SANITIZE_NUMBER_INT Removes all characters except digits and + -.

FILTER_SANITIZE_NUMBER_FLOAT Removes all characters not allowed in floating point numbers.


Other Filters

FILTER_UNSAFE_RAW Is a dummy filter.

FILTER_CALLBACK Calls a userspace callback function defining the filter.
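Several of the validation filters listed above applied to one request in a single call, as an added example that is not part of the original page. The field names, limits and sample values are constructed, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example. Field names, limits and sample values are constructed.

$spec = [
    'id'    => ['filter'  => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 0, 'max_range' => 9999]],
    'email' => FILTER_VALIDATE_EMAIL,
    'ip'    => ['filter' => FILTER_VALIDATE_IP, 'flags' => FILTER_FLAG_IPV4],
    // \A and \z anchor the whole string; $ would accept a trailing newline.
    'sku'   => ['filter'  => FILTER_VALIDATE_REGEXP,
                'options' => ['regexp' => '/\A[A-Z]{3}-[0-9]{1,4}\z/']],
];

// Returns [clean values, errors]. A field that fails validation comes
// back as false, a field that was not sent comes back as null.
function validate_request(array $input, array $spec): array
{
    $clean  = filter_var_array($input, $spec);
    $errors = [];
    foreach (array_keys($spec) as $field) {
        if (!array_key_exists($field, $input)) {
            $errors[$field] = 'missing';
        } elseif ($clean[$field] === false) {
            // Strict comparison: a valid id of "0" becomes int 0, which
            // a loose check such as !$clean['id'] would wrongly reject.
            $errors[$field] = 'invalid';
        }
    }
    return [$clean, $errors];
}

// Constructed requests: all valid, all invalid, and one with an array
// where a scalar is expected plus missing fields.
$requests = [
    'good' => ['id' => '0', 'email' => 'alice@example.com',
               'ip' => '192.0.2.10', 'sku' => 'ABC-12'],
    'bad'  => ['id' => '12abc', 'email' => 'alice@',
               'ip' => '2001:db8::1', 'sku' => "ABC-12\n"],
    'odd'  => ['id' => ['1'], 'email' => 'alice@example.com'],
];

foreach ($requests as $label => $input) {
    [$clean, $errors] = validate_request($input, $spec);
    echo $label, ': ', var_export($errors, true), "\n";
}

// For real request data the same specification can be passed to
// filter_input_array(INPUT_GET, $spec) instead of filter_var_array().
```

The 'good' request produces no errors, 'bad' reports all four fields as invalid, and 'odd' reports id as invalid and ip and sku as missing.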

Escaping and Encoding Functions

htmlspecialchars() Escapes the characters & < and > as HTML entities to protect the application against XSS. The correct character set and the mode ENT_QUOTES should be used.

<?php echo "Hello " . htmlspecialchars($_GET['name'], ENT_QUOTES, 'utf-8'); ?>

htmlentities() Applies HTML entity encoding to all applicable characters to protect the application against XSS. The correct character set and the mode ENT_QUOTES should be used.

<?php echo "Hello " . htmlentities($_GET['name'], ENT_QUOTES, 'utf-8'); ?>

urlencode() Applies URL encoding as seen in the query part of a URL.

<?php $url = "" . "index.php?param=" . urlencode($_GET['pa']); ?>

addslashes() Applies a simple backslash escaping. The input string is assumed to be single-byte encoded. addslashes() should not be used to protect against SQL injections, since most database systems operate with multi-byte encoded strings, such as UTF-8.

addcslashes() Applies backslash escaping. This can be used to prepare strings for use in a JavaScript string context. However, protection against HTML tag injection is not possible with this function.

mysql_real_escape_string() Escapes a string for use with mysql_query(). The character set of the current MySQL connection is taken into account, so it is safe to operate on multi-byte encoded strings. Applications implementing string escaping as protection against SQL injection attacks should use this function.


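// Note: the mysql_* functions were removed in PHP 7.0; this call only
// exists on older PHP versions.
$sql = "SELECT * FROM user WHERE" .
       " login='" . mysql_real_escape_string($_GET['login'], $db) . "'";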


preg_quote() Should be used to escape user input to be inserted into regular expressions. This way the regular expression is safeguarded from semantic manipulations.


// The second argument to preg_quote() also escapes the pattern delimiter
$repl = preg_replace('/^' .
    preg_quote($_GET['part'], '/') .
    '-[0-9]{1,4}/', '', $str);


escapeshellarg() Escapes a single argument of a shell command. In order to prevent shell code injection, single quotes in user input are being escaped and the whole string enclosed in single quotes.


// Each argument is escaped and quoted separately
system('resize /tmp/image.jpg ' .
    escapeshellarg($_GET['w']) . ' ' .
    escapeshellarg($_GET['h']));



escapeshellcmd() Escapes all meta characters of a shell command in a way that no additional shell commands can be injected. If necessary, arguments should be enclosed in quotes.


system(escapeshellcmd('resize /tmp/image.jpg "' .
    $_GET['w'] . '" "' .
    $_GET['h'] . '"'));


  Secure Programming

Securing HTML Output

In order to prevent the execution of JavaScript code originating from user input, it is mandatory to perform a suitable string sanitisation on all dynamic data before any HTML output. The use of htmlentities() is considered sufficient within normal HTML context.

However, if data can be injected into tags or tag attributes, JavaScript can be executed by means of event handlers such as onClick or by modifying style attributes. For these cases it is recommended to apply a whitelist filter allowing only predefined tag attributes or style sheets to be inserted.

URLs within tag attributes must be checked as well. Some URI schemes, such as data: [removed] and [removed] can be used to execute code. Therefore only specific schemes should be allowed. Of course, it is always a good idea to encode the query part of a URL appropriately as well.

Finally, data put directly into JavaScript code must be prevented from breaking out of its JavaScript context. JavaScript strings are known to be particularly prone to incorrect escaping.
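One encoder per output context described in this section (HTML text, URL attributes, JavaScript strings), as an added example that is not part of the original page. The function names and sample inputs are hypothetical, and the code assumes PHP 7.3 or later.

```php
<?php
// Added example. Function names are hypothetical, inputs are constructed.

// HTML text and quoted attribute values.
function html_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL inside a tag attribute: allow only whitelisted schemes, then
// HTML-encode the value. Rejected input is replaced by "#".
function safe_href(string $url, array $schemes = ['http', 'https']): string
{
    // Control characters and whitespace have no place in a URL.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return '#';
    }
    // parse_url() yields null for a missing scheme, false for a malformed URL.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme)
        || !in_array(strtolower($scheme), $schemes, true)) {
        return '#';
    }
    return html_text($url);
}

// String literal inside a <script> block. The JSON_HEX_* flags turn
// < > & ' " into \uXXXX escapes, so the value cannot close the string
// or the surrounding script element.
function js_string(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        | JSON_THROW_ON_ERROR
    );
}

// Constructed user input.
$name = '"><em>x</em>';
$good = 'https://example.com/profile?id=7&tab=info';
$bad  = 'data:text/html,hello';
$note = "it's </script> here";

echo '<p>Hello ', html_text($name), "</p>\n";
echo '<a href="', safe_href($good), "\">profile</a>\n";
echo '<a href="', safe_href($bad), "\">profile</a>\n";
echo '<script>var note = ', js_string($note), ";</script>\n";
```

The data: URL is replaced by "#", and the JavaScript literal is emitted as "it\u0027s \u003C\/script\u003E here", which stays inside its string and its script element.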

Regular Expressions

Every user input placed inside regular expressions must be prepared using preg_quote(). Otherwise an injection into the expression's logic can easily lead to incorrect application behaviour, buffer overflows, denial of service or application crashes.

HTTP Header Output

HTTP headers can be set using the header() function. User input should always be checked before being passed to header(), otherwise a number of security issues become relevant.

Newline characters should never be used with header() in order to prevent HTTP header injections. Injected headers can be used for XSS and HTTP response splitting attacks, too. In general, user input should be handled in a context-sensitive manner.

Dynamic content within parameters to Location or Set-Cookie headers should be escaped by urlencode().

<?php
// Refuse input containing CR or LF before it reaches header()
if (strpbrk($_GET['x'], "\r\n"))
    die('line break in x');
header("Location: " . urlencode($_GET['x']));
header("Set-Cookie: mycookie=" . urlencode($_GET['x']));
?>


Looking back, I remember very badly wanting a boyfriend in the third grade, so it didn't surprise me when I came across this list on The Huffington Post, authored by sisters Blaire and Brooke ages 6 and 9, of "boyfriend rules" for their future beaus. (Based, according to their mother, on boyfriend characters from Disney movies and shows like Shake it Up.)

What did surprise me was how precocious some of their requirements are, like "has a good job" and "respects you." I approached