
Web Application Penetration Testing?

bryanb
Newbie
Joined: 25-November-2009
Posted: 25-November-2009 at 3:58pm
Greetings! Has anyone used a third-party auditing or security firm to perform web application penetration testing against a fully patched version of 3.x? We've performed and mitigated issues related to network penetration testing from a QSA; now I need to kick the testing into the application. If you've done this, who did you use and were you pleased with the service? What can I expect in terms of cost? Anything you would like to share about the experience would be great!

Thx!
Bryan

ProductCart
Admin Group
ProductCart Team
Joined: 01-October-2003
Posted: 25-November-2009 at 8:02pm
We know of several customers using McAfee Secure. We use it ourselves at Early Impact. You can sign up for free PCI compliance testing from McAfee and then upgrade to McAfee Secure here.
The ProductCart Team

Home of ProductCart shopping cart software

loracady
Newbie
Joined: 28-December-2007
Location: United States
Posted: 21-December-2009 at 11:40am
Speaking of McAfee Secure: We recently signed up for it. I keep getting notifications of vulnerabilities: 1. Login is not over a secure connection. I fixed that one (or so I thought, but I keep getting the notifications anyway). What else can I do to fix this vulnerability? 2. Today I received one that is really over my head: Potentially Exploitable SQL Injection on *****.asp. I am using Product Cart 3.51a. I don't have a clue how to fix this one. Any ideas?

(Edited by Hamish - Sorry Lorcady, See following post in a moment)


Edited by Hamish - 21-December-2009 at 11:42am
www.TheSleepShop.com

Hamish
Admin Group
Joined: 12-October-2006
Location: United Kingdom
Posted: 21-December-2009 at 11:48am
Hi Lorcady,
Sorry, edited your post to remove the name of the page, just in case it's a real vulnerability, as it's not a good idea to indicate to the bad guys where to go and attack stores!
Please raise a support ticket so that we can investigate the issue in detail. Most of the time vulnerabilities are due to false alarms or site-specific edits, although the latter seems unlikely on this page.

loracady
Newbie
Joined: 28-December-2007
Location: United States
Posted: 21-December-2009 at 12:09pm

Hi Hamish--  Thanks for your response and your edit of my post!  I didn't buy my version of PC from Early Impact, so I can't raise a support ticket.  (At least I don't think I can.) 

www.TheSleepShop.com

loracady
Newbie
Joined: 28-December-2007
Location: United States
Posted: 21-December-2009 at 12:19pm

I'm buying the support plan in a minute. 

www.TheSleepShop.com

Greg Dinger
Certified ProductCart Developers
Joined: 23-September-2006
Location: United States
Posted: 21-December-2009 at 12:22pm
I discussed the urgency of this matter with Lora and she is making arrangements to submit a ticket right away.

Hamish
Admin Group
Joined: 12-October-2006
Location: United Kingdom
Posted: 21-December-2009 at 3:23pm
Hi,
   For those following this thread, who may be concerned, we can confirm there is not a security issue.