Posts

The Newbie Guide to Ethical Hacking

I hack websites. I’ve been doing it for a long time, across various industries, tech stacks, and programming languages. When I tell people what I do, especially those in the tech community, they often ask how I started and how they can learn more. So today, I’m going to give you a quick intro to the tools and tricks to get started with web hacking. The best way to start is to dive into the details, using some hacking tools.

Here’s how I recommend starting:

  1. Understand the tools of the trade
  2. Understand common attacks and defenses
  3. Practice on test sites

Since we will be focusing on web hacking, a basic understanding of HTTP, or a refresher, may be useful. If so, check out my post, “Understanding HTTP Basics,” then come back. Don’t worry, it’s pretty simple, but it lays the groundwork for later.

Tools of the Trade

The first thing I think anyone trying to get involved with web app security needs to know is how to use the most common web hacking tool, the proxy. Proxies let you intercept HTTP requests and responses, so you can fully understand how a website works and uncover security issues. I wrote a post, “Web hacking Tools: Proxies,” which walks through installing and using the most common web proxy used by security people, Burp.

After you spend some time using a web proxy, it’s pretty eye opening to see how some of your favorite sites work, under the covers at the HTTP layer. This is also super-useful during normal development to debug and troubleshoot web application problems.

Common Attacks

Next, you need to gain an understanding of the common attacks hackers use to break in, so you can test your sites and code for these vulnerabilities. You should check out my article on the iCloud attack. OWASP provides a list of the top 10 attacks. This is a great place to start, although I should warn you that some of them get into the weeds fairly quickly. Once you understand those, you can review sites you build to make sure they are protected.

Practice makes perfect

Armed with your first hacking tool, the web proxy, and an understanding of common attacks, it’s time to put your newfound knowledge to the test with a few hacking challenges. There are a few great sites out there where you can learn and try out hacking techniques without being worried about breaking the law. These are a few of my favorites:

After you brush up on your skills, you can take it to the next level with a few public bug bounty programs. These programs are great because they pay you for finding vulnerabilities in public websites, such as Google, Facebook, and PayPal. Make sure you read all the rules before starting:

If you don’t want to deal with these companies directly, you can also join a bug bounty program through a dedicated bug bounty company. These work with various businesses to test security using a pool of freelance hackers, including you! These two are the best:

26 Ways To Attract And Grow Your First 1000 Subscribers

Here are a few ways to attract and grow your first 1,000 subscribers.

The hardest part of growing your product or business can often be the first part. How do you get your first few subscribers? How do you go from zero to one… to 10, 100, or one thousand?

Before I go any further, I have to reiterate what I say in my class and other places: the most important part of content marketing is creating content that is exceptional — valuable, useful, helpful, and share-worthy. If you don’t have great content, then the strategies below aren’t going to work.

At One Month, we ask ourselves, “would we share this?” This is part of our metric for whether or not a post is great. We don’t always get it right, but we’re learning as we go. We want to deliver extremely valuable, useful, intriguing, thoughtful content that helps you get more of what you want. If we wouldn’t share it with our friends, then you probably won’t share it with yours.

Once you have great content, however, how do you share it?

How do you get your first 1,000 subscribers? Here are some of the tactics and tools that have worked for us across many of our projects:

1. Tell your friends and colleagues about it.

You would be surprised how many people build something and then… expect people to show up. You have to invite them to come see what you’re doing. Send people personal emails or messages telling them exactly what you’ve built, why you think it’s useful for them, and what you’d like them to do with it.

You probably are connected to at least 100, if not 300 people that you can reach out to and let them know what you’re working on. Don’t spam everyone over and over again, but definitely tell them once about what you’re working on.

The trick? Ask people directly to sign up. Don’t expect them to sign up. Write a note to them that says, “I’m starting a newsletter about [TOPIC] and I think you might enjoy it. I’d love it if you signed up!”

2. Ask your friends and network to share it.

Email them and say, “I’m building this new thing, and I’d love to reach more people who would find this useful. Would you help me spread the word by reaching out to 5–10 people who might find this really helpful?”

Email and referrals are two of the best ways to grow signups. One email from a trusted resource to 5–10 people will generate far more signups than a random Facebook post that most of your network misses.

3. Comment helpfully on related blogs and other posts with similar questions.

Content marketing is about creating relevant conversations, not about shouting from the rooftops. Join the conversation by finding active voices and contributing wisdom and ideas to the community.

4. Become an active member in existing communities doing similar work.

Want people to comment on your blog post? Go comment on other people’s work!

5. Use paid advertising (Google, Facebook).

It’s fairly easy to set up a Facebook or a Google Ad, and for a few hundred bucks, you can drive signups. Make sure that you’re driving traffic to a page that has a big sign-up button. Don’t drive traffic to get more “likes” on your Facebook fan page or to your website generally, however. Drive them exclusively to an offer (that they sign up with by email) or a place to sign up directly.

6. Make subscribing really easy to do.

It always surprises me when I go to a site and I have a ton of trouble finding out how to subscribe. Add a link in your website’s header, footer, sidebar, at the end of blog posts, in a feature bar, in the middle of blog posts, in the author bio, as a pop-up, as a hello-bar, etc. (You don’t have to do all of them, but do at least 4 different places and test which one is getting the most signups.) Add a page exclusively for signing up.

7. Add a link to your social profiles.

Add a link to your newsletter or mailing list across all of your social profiles: Facebook, Twitter, LinkedIn, Quora, Google+, Reddit, etc.

8. Add the site to the footer of your email, and invite people to sign up.

Use every single email you send as an opportunity to tell people about your projects.

9. Build a landing page exclusively for getting subscribers.

Dedicate a landing page exclusively for signups, like The Merchant Home does here:

10. Before you launch, have only a landing page, dedicated to getting subscribers.

Put up a landing page before you launch. Create mystery and intrigue. Invite people to sign up before you’re ready. Use LaunchRock or another service to help you build this.

11. Force people to enter their email address before they get any content.

I don’t personally recommend this (in fact, I typically hate it), but it works for many people. I’d be remiss to not include it in this list. Use sparingly. People might hate you because of it.

12. Add urgency or a deadline.

Tell people what they’ll miss out on if they don’t sign up right now.

13. Host a webinar or a free event.

People love getting free stuff, and we love seeing what’s happening behind the scenes. Set up a free webinar to share what you’re working on (or your “10 best strategies for X”) and have people sign up with an email address to be notified when the webinar launches and when you do similar things in the future.

(Case in point: we’re hosting a free webinar on Growth Hacking on June 3rd, by the way. Join us!)

14. Make the offer really clear. What do they get for subscribing?

Make a compelling offer for what people get by signing up. “Great content” isn’t a compelling offer. What, exactly, are you going to give to them? Why should they spend their precious time with you, and let you into their inbox? Today’s inboxes are analogous to our living rooms. We don’t let just anyone come in. We invite people in that we want to have a conversation with. Why will they let you in?

“Your email inbox is like your living room. You don’t let just anyone in. It’s your online home, and you protect your space.”

15. Give away a free incentive for subscribing.

Make an offer that people can’t refuse. Some of our best signups come from our free offers — some of the experiments we’ve run here at One Month: we did a month of free writing prompts, offered recordings of our best webinars, and currently have a Growth Hacking Crash Course that people can sign up to for free.

16. Get really clear on who you want to connect with.

Why do you want to connect with them? What is their pain point? And why is what you have to offer different, better, and crazy-useful to the people who need it?

17. Add exit intent popups/offers.

Sumo is a great way to add a smart pop-up to your page, and PopUp Ally is also a great tool. An “exit intent” popup only shows up when the reader demonstrates an intent to leave your page (like moving their cursor to close the window or type in a new URL in the browser). You can “capture” people who are leaving with a bright, colorful exit-intent popup like this:

18. Get people to write for you.

Ask people to guest-post and publish with you. A great way to have people share your website is by asking them to contribute to it. Build your audience by utilizing other people’s existing audiences. They’ll share your site when they share links to their work that’s published on your site.

19. Syndicate your content.

Most of the content in the world, wide, web (that big old place) is only seen by a few thousand people, at most. Get your content shared by distributing it broadly. The same piece of content can be used in 10 different places — syndicated as a column, a blog, excerpts on LinkedIn, re-posts on Medium, etc. Content isn’t precious; you can share it in many, many locations.

Put a sign-up link in each of those locations!

20. Guest post, publish, and write for other people’s websites.

The best way to grow your audience is to play off of the audiences that other people have already built. Submit awesome content to sites that already have medium-to-big audiences and watch your traffic grow.

21. Write a monthly column not on your own website, but a well-known website.

HuffPo, Forbes, and many other websites are often looking for monthly columnists and contributors. Build your web presence by writing for someone else — and capturing emails with a freebie on your own website.

22. Join social conversations.

Chime in helpfully in conversations and share your knowledge freely. Respond to and upvote other people’s work. This builds trust and reciprocity and people notice it when other people pay attention to them.

23. Use LinkedIn.

LinkedIn has often been one of the best referral sources for our content and for business-related sharing. Use it to syndicate your content. Write blog posts on LinkedIn on a different publishing schedule from your regular content release schedule.

24. Go to conferences, online events, and join chats (like Twitter Hashtag chats) to meet more people in your target market.

25. Write an email newsletter.

Give people something new to read every month, or a round-up of your favorite stuff on the web. You don’t have to write original content to have a compelling newsletter; if you link up the top 10 reads each month related to your subject area, that can be a great read. Email marketing is about connecting with people over email; it’s up to you to figure out what way you’ll use email to fit your business’s needs.

And this brings us back to where we started, which is worth repeating:

26. Write amazing content.

This goes without saying, but can be very hard to do. Give people a reason to read, use, and share your stuff. It’s worth the time — and it’s what builds your audience for the long-term.