Rafe Hart

Thoughts on security, privacy, and building software.

Nmap & Wireshark

09 December 2014

Both very handy tools, Nmap allows you to scan an object for listening ports, discover services on a network and more. Wireshark lets you log network traffic and analyse it. Both leverage winpcap to work on Windows.

Read More

Stress Testing with Siege, on Cygwin

04 December 2014

Siege is one of many website stress testers. It spawns multiple processes and begins requesting the pages from the target website as rapidly as it can. There is no attempt at obfuscation; it’s very obvious, traceable and blockable, but it is good for seeing how your server will handle under load. You can get the source code from http://www.joedog.org/siege-home

Read More

Installing sqlmap on Cygwin

30 November 2014

Sqlmap is a tool for automating SQL injection discovery and exploitation on your websites, or your clients. Fortuitously it works well via cygwin, though it requires some setting up.

Read More

Smoke & Mirrors?

02 October 2014

The need to promote companies on the internet is pushing many traditional marketers to re-brand themselves as digital marketers, but there is going to be a while before gap between traditional and digital marketing is closed. After spending time optimizing my project site cygwin.rafaelhart.com (Now offline), and other research I’ve come to the following conclusions:

Content is King

All the optimization in the world won’t move a bad page up the search engine rankings, people need to actually want to read it. Good quality content lends itself to being optimized. The benefit of this is that traditional marketing techniques apply here - targeting, tone of voice, etc, and ‘digital marketing’ skills aren’t as relevant.

SEO’s days are numbered, sort of

A great deal of thought has gone into search engine algorithms, and the ability to alter content according to set rules and have the page rank increase dramatically are over. You can write non-optimized content, and it will hit the top of the page rankings if it is popular. Over time we can expect to see the algorithms altered to reduce the effectiveness of SEO that doesn’t add to the content in some fashion. A quick google will bring up dozens of articles decrying SEO’s downfall because structuring and optimizing content will never cease to be relevant, but it’s days of disproportionally altering page rank are over.

Social Media contributes more than SEO optimisation

Just that really. By my measures, 60% of my page views resulted from minimal social media promotion, where the other 40% was from organic search.

So where to next?

Real digital marketing starts with analytics

Many people charged with improving a website make decisions based of their own usage habits, and how they access webpages. One of the key differences between traditional marketing and digital marketing is that where in the old days you could only roughly gauge customer opinion through inferential statistics, feedback forms, and so forth, you can now track them in exacting detail, down to the size of monitor or device they are looking at your page through.

Analytics enables CRO

Like any professional field, digital marketing comes with it’s own terms, and Conversion Rate Optimization is one of these. A/B Testing is probably the best known CRO technique, but the fundamentals are to measure your baseline conversions, make a change, and see how that baseline is effected. You revert changes which aren’t successful, and you keep the ones that are.

Conversions and Funnels

Most unoptimised websites look like a brochure, because that’s what they are intended to replicate. In some cases, that’s all they need to be, but in the majority of cases, each page on the website needs a goal. These goals are conversions - the aim of each page, whether that’s to sign up for a newsletter, create an account, or simply read several pages of content. Once you have established that goal, the website needs to be designed to funnel visitors towards achieving that conversion.

And one other thing…

Security Matters

I can’t help but wonder if I consider this primarily because of my involvement with webapp & server security, but a company’s digital presence is one a high profile manifestation of its brand. A digital team may implement dozens of changes a month, and security should be considered with these, rather than bolted on or palmed off to an external company. There should also be a communication plan in place for when there is a breach.

Having experienced these kinds of breaches before, it helps to be prepared. Happy optimizing!

Read More