Source: IT CERTIFICATIONS
Scripts, code and other vulnerabilities in your company’s website could leak sensitive data or take you offline. Avoid it by checking yourself with these tools.
Credit: Shutterstock“Most people don’t realize that the vast majority of hacks – more than three quarters – are caused by third-party scripts deployed on websites,” said Hadar Blutrich, CEO of Source Defense, an Israeli security company. “These scripts provide a plethora of essential services, without which the web, as we know it, is impossible. But site owners that put these scripts on their sites, are opening themselves up to whatever security breaches their new ‘partner’ is vulnerable to.”
When hackers get access to those scripts, however, site owners won’t know until it is too late.
That’s why it is so important for companies to have the ability to scan scripts, conduct code reviews and check their website for vulnerabilities. Vulnerabilities can leak sensitive data or take your site offline, which in turn results in a loss of confidence and customers. Luckily there are plenty of tools available that can scan your website and improve your security posture. Here are some of the tools you should consider using:
DigiCert CertCentral platform
We’ve all tried to visit a site that gives us the “invalid certificate” warning that would scare away any untrusting consumer. That’s why organizations need to make sure they are automating discovery and analysis of their digital certificates, including setting up warnings ahead of expiration dates, to avoid downtime or other certificate issues that could turn away customers.
The DigiCert CertCentral platform includes a Certificate Inspector tool that helps an organization find all of its certificates and Transport Layer Security (TLS) endpoints and assigns a letter grade to each. Additionally, Certificate Inspector provides an intuitive dashboard that includes, among other things, certificates that are soon to expire. It provides a list of suggested remediation items for those certificates found to be lacking proper profiles, or those servers that are not sufficiently configured to meet industry best practices.
HTTPS scanning is a feature of Avast Web Shield and is automatically enabled when Avast is installed. HTTPS scanning decrypts and scans encrypted traffic to detect potential malware contained on sites using HTTPS connections. While an HTTPS connection ensures that the connection cannot be modified by anyone else, it does not guarantee that the content contained on the site is clean. Malware scripts and binaries can be placed into an HTTPS page that appears to be safe. The HTTPS scanning feature prevents you from downloading malicious content from sites secured with an HTTPS connection onto your PC.
Dashlane Inbox Scan will reveal just how unsafe you are, via a comprehensive audit of your email account for passwords and other private data that could be hacked. It allows the user to see how many accounts they have signed up to and how many passwords and log-in details are visible in their mailbox and are vulnerable to attacks due to breached, weak or duplicated passwords. And even though many of these accounts may no longer be active, they still represent a serious threat online as they provide an easily unlocked door to your personal data.
The Barracuda Vulnerability Manager is a cloud-based solution that pinpoints vulnerabilities in your websites and web applications quickly and easily, even if you don’t have extensive knowledge about website security. It provides in-depth insight into the vulnerabilities that expose your institution to attacks from inside and outside the organization. The solution is to find a broad spectrum of web application vulnerabilities in applications and underlying infrastructure. These include:
- Injections (SQL injection, OS command injection, LDAP injection, etc.)
- Cross-site scripting (XSS)
- Session and authentication handling issues
- Sensitive information exposure, including potential information leaks, direct access to backup or configuration files, logs or development files
- Forms vulnerable to cross-site request forgery (CSRF)
Almost 70 percent of websites use WordPress as default CMS because it is flexible, easy and does the job. Open source Wpscan searches for vulnerabilities on themes, plugins and the current WordPress version.
(Cross-posted on the Google Open Source Blog)
At Google, we care about giving users the best possible online experience, both through our own services and products and by contributing new tools and industry standards for use by the online community. That’s why we’re excited to announce Guetzli, a new open source algorithm that creates high quality JPEG images with file sizes 35% smaller than currently available methods, enabling webmasters to create webpages that can load faster and use even less data.
Guetzli [guɛtsli] — cookie in Swiss German — is a JPEG encoder for digital images and web graphics that can enable faster online experiences by producing smaller JPEG files while still maintaining compatibility with existing browsers, image processing applications and the JPEG standard. From the practical viewpoint this is very similar to our Zopfli algorithm, which produces smaller PNG and gzip files without needing to introduce a new format, and different than the techniques used in RNN-based image compression, RAISR, and WebP, which all need client changes for compression gains at internet scale.
The visual quality of JPEG images is directly correlated to its multi-stage compression process: color space transform, discrete cosine transform, and quantization. Guetzli specifically targets the quantization stage in which the more visual quality loss is introduced, the smaller the resulting file. Guetzli strikes a balance between minimal loss and file size by employing a search algorithm that tries to overcome the difference between the psychovisual modeling of JPEG’s format, and Guetzli’s psychovisual model, which approximates color perception and visual masking in a more thorough and detailed way than what is achievable by simpler color transforms and the discrete cosine transform. However, while Guetzli creates smaller image file sizes, the tradeoff is that these search algorithms take significantly longer to create compressed images than currently available methods.
|Figure 1. 16×16 pixel synthetic example of a phone line hanging against a blue sky — traditionally a case where JPEG compression algorithms suffer from artifacts. Uncompressed original is on the left. Guetzli (on the right) shows less ringing artefacts than libjpeg (middle) and has a smaller file size.|
And while Guetzli produces smaller image file sizes without sacrificing quality, we additionally found that in experiments where compressed image file sizes are kept constant that human raters consistently preferred the images Guetzli produced over libjpeg images, even when the libjpeg files were the same size or even slightly larger. We think this makes the slower compression a worthy tradeoff.
|Figure 2. 20×24 pixel zoomed areas from a picture of a cat’s eye. Uncompressed original on the left. Guetzli (on the right)
shows less ringing artefacts than libjpeg (middle) without requiring a larger file size.
It is our hope that webmasters and graphic designers will find Guetzli useful and apply it to their photographic content, making users’ experience smoother on image-heavy websites in addition to reducing load times and bandwidth costs for mobile users. Last, we hope that the new explicitly psychovisual approach in Guetzli will inspire further image and video compression research.
Many marketers find keyword research difficult, but it doesn’t have to be! Columnist Janet Driscoll Miller shares her process for finding the right keywords, mapping those keywords to the right content and measuring their effectiveness.
I often teach classes on SEO, and I start my presentations off by talking about keywords. When it comes to organic search, keywords form the foundation of all of our SEO efforts. What search queries do we want our websites to show up for in search results? Everything in SEO really ties back to this fundamental pillar.
The importance of effective keyword research is certainly not lost on marketers. In a November 2016 survey, Ascend2 found that keyword research was one of the top SEO tactics, but more than a third of respondents indicated that it was a difficult task:
Keyword research doesn’t have to be difficult, though. Keywords are simply the words and phrases that our buyers are likely to use when trying to find our products and services. We just need to put ourselves in the mind of our customers and prospects — and that starts with personas.
Tying keywords to personas
Personas often contain both demographic and psychographic information. They tell us everything from gender to geographic location to extracurricular activities. To start building personas to understand your prospects better, it’s helpful to start with people who have already purchased your product or service. So, what do your current customers look like?
Pull your customer list. What are the titles, ages, industries and geographic locations of your current customers? Some data is directly available in the customer record. For example, if you sell running shoes online, you likely have your customers’ shipping addresses and ZIP codes. Which geographic areas perform best for you?
To understand customers beyond the customer data you collect, try incorporating data from social media platforms. For example, if you sell business services, look at your customers’ LinkedIn profiles. These are all public profiles rich with information. Are there patterns you see here? What experience level, degree and department are listed on their profiles?
Also try uploading your customer list to Facebook’s Audience Insights tool. What characteristics does Facebook know about your audience?
Once you know more about your audience, you can begin to put yourself in their place. What types of keywords would this audience need to search to find your product?
Map the keywords to the buying cycle
Don’t rely on only broad or only very specific keywords and phrases. Instead, consider the buyer’s journey when developing keywords. When someone is just starting the journey, searches and questions the person will ask may be broader in nature, but the searches and questions become more specific as the buyer gets closer to purchase. Let’s use the example of running shoes. When I’m starting my comparison shopping, my queries might be:
- Running shoes for women
- Best running shoes for women
- Navy blue running shoes
At this point, I’m in the Awareness phase — I’m becoming aware of what options exist for my basic criteria.
As I move through the buyer’s journey and begin to become aware of options and brands, my searches will likely become more specific, looking perhaps for special features, like:
- Long distance women’s running shoes
- Asics vs. New Balance running shoes
- Asics Kayano running shoes
- Compare Asics running shoes
I’m now in the Comparison phase — comparing various brands and their features to determine which particular shoe is the best for me.
Finally, I may get very specific as I settle in on a specific shoe that I want:
- Asics women’s GT-1000 4 running shoes midnight
Now I’m in the purchase phase. I know exactly which shoe I want. I’ve got a very specific search — down to the color and model.
Ideally, you’ll want a combination of keywords from all stages of the buying cycle so that you can attract and convert customers through organic search.
But how do you know what keywords are appropriate at various buying cycle stages? Imagine you’re a customer starting your search from the awareness phase. What questions are you likely to have? Find keywords that reflect questions and answers that prospective customers are likely to ask.
Google Suggest is a great place to begin mining these potential leads for keywords. For example, using the Keyword Tool Dominator, I can see Google Suggest queries that show up around a term like “women’s running shoes”:
From the list on the left, I found keywords and added to the list on the right to narrow down some selections. Some questions I can see forming from these keywords based on what searchers are entering:
- Where can I buy running shoes?
- What are the best rated running shoes?
- What are the best running shoes for my knees?
- Which running shoes have the best ankle support?
- Which running shoes have the best arch support?
- Which running shoes can I also use for hiking?
There are many different keyword research tools available, so find several you like to create your keyword list. You can also refer to the keywords that convert best in your paid search accounts. If you know that those keywords are converting in paid search, also optimize them in organic search.
Mapping keywords to content
Now that we know which questions people are asking, and we’ve found keywords to match those queries, we need to map those keywords to content on our site that answers those questions. This may mean creating new content on your site as well.
For example, let’s take the question about combo running/hiking shoes. We can write a blog post on the site’s blog about shoes that are suitable for running and hiking. Perhaps you could do a field test — show the shoes in action. How did they hold up? And from that blog post, you can link to the product pages for readers that want to purchase those shoes.
Measuring keyword effectiveness
After all of this keyword work, you may wonder how you can track the effectiveness of each keyword in your organic search efforts. This is where it gets tricky — you can’t really accurately track the keyword organically as well as you might like.
Within the past several years, Google and Bing both made a decision to encrypt searches, meaning that this data is no longer passed on to analytics platforms like Google Analytics. Instead, you’ll see a lot of keywords showing up as “(not provided).”
Using any data in the Google Analytics report as a basis for keyword development or measurement will be highly inaccurate, since such a high percentage of these organic keywords are not shown. In my case, nearly 94 percent of my organic keyword data from last month was hidden:
Google Search Console data can be helpful in many ways, and it does show a list of actual queries searchers used to find your site, where you are ranked, click-through rate and more. However, Russ Jones wrote a great piece about the reliability of Google Search Console data. In that piece he made two fantastic points to remember:
- The organic search data you see in Google Search Console is only a sample of all of the data, and we don’t know exactly what percentage of the data comprises that sample.
- This data is an average taken over a time period. While you may have ranked highly on a term a month ago, you may not today. But the average may make the data appear that you are somewhere in the middle of where you ranked then and where you rank now (i.e., the mean or perhaps the median).
So what should you do? When I teach SEO, I often recommend only using one keyword or phrase per page to really focus on that topic on the page. If you keep track of which pages contain specific keywords, use analytics data to track organic traffic improvements to that page over time. Is organic traffic increasing? Your goal is to increase traffic to increase conversions, so if you’re successful driving more organic traffic to that page, you’re on your way — and keyword research, along with content editing, likely helped influence that.
Keywords don’t have to be difficult. They play an important role in driving organic traffic and ultimately conversion, so spend some time really delving into your keywords and mapping them to the buying cycle. You may have to undertake keyword research fairly regularly as well, depending on how often your products and service change.
The millennial generation today consumes a lot of information channelized to them via social media platforms. Rather than hoping from one website to another, they would rather make a comprehensive list of what they wish to follow and consume news stories, updates about civic bodies, give their opinion on current issues and procure information about favorite brands on these platforms.
Today social media channels have emerged as a strong contender existing traditional means of communication for brands – which includes television,print and billboards.
Platforms like Twitter drives engagement via retweets and hash tags, Instagram boosts engagement by using interesting and well-captioned pictures
Likewise, Facebook’s strength lies in its unparalleled reach of 184 Million consumers who access the platform every month, and the fact that it gives brands the ability to curate stories, experiment with videos and content and motion pictures. Facebook’s creative ad formats like PockeTVC, carousels and others help brands to tell a story in a unique and impactful manner. Facebook’s ad formats including image, video, and carousel can generate instant awareness of the nearest business location and provide information the customer needs to get there and even helps large established brands drive in-store sales.
Understanding your audience
Facebook helps brand reach the right set of target audience covering demographic interest & behaviour segments. A native store locator is available for carousel. The store locator makes ads more useful for consumers by putting contact information and openings hours of nearby stores only one tap away. Using these tools, Facebook has the capacity to successfully encourage the customer to visit the nearby store of the particular brand. Even for ad formats like Carousel, Photo and Video Ads that are aimed at driving awareness, 3rd parties like Nielsen have measured and proven that the awareness impact translates to lift in sales from actual physical stores.
Over the last year, Facebook for business has extensively worked with traditional brick and mortar brands and helped them bridge the online to offline gap. Using features like slideshow, carousal ads and more, these brands have been able to reach out to their target audience who are active users of Facebook on mobile and desktop.
Campaigns that have worked for traditional brands
Driving footfall was important for jewelry brand Tanishq, which has 160 stores in 80 cities across India. Most of us still like to touch and feel the jewelry before making a final decision but that doesn’t mean that does not stop the brand to entice its customers to visit their stores.
The brand chose to showcase its designs with stunning close-up shots using carousel ads to catch people’s attention. Crucially, it led them to its offline stores by including a “Shop Now” call-to-action button that brought people to its website, where they could get a discount voucher to be redeemed in-store. The incentive paid off, and Tanishq saw a 30% increase in in-store sales among 25- to 44-year olds during its campaign as well as an increase in in-store footfall, as measured by actual sales data from the client.
Taking a multi-screen approach to driving sales, popular women’s hair removing cream Veet used Facebook to bolster its TV ads and strengthen its campaign with the aim of encouraging women to buy its hair removal cream. The brand partnered with creative agency iContract and Facebook’s Creative Shop to devise an integrated campaign and adapt its existing TV ad into snappier video ads. To ramp things up, it powered the ads with reach and frequency buying to reach 18- to 55-year old women in India on a massive scale. This robust multi-screen strategy made an impact on Veet’s target audience, resulting in 11% incremental lift in in-store sales in a market where Facebook ads were implemented vs. a market where they were not. This was proven by Nielsen’s Matched Market Methodology on not just Veet but for other FMCG brands like Garnier too.
In an era of emerging e-commerce stores and innovative marketing technologies, it has become imperative for brick and mortar brands to opt for modern techniques to keep their consumers engaged. The affordability and feasibility of tools, makes Facebook an obvious choice for brands trying to rework their advertising campaigns and garner more millennial interest for their products.