Web Application Penetration Testing?

Printed From: ProductCart E-Commerce Solutions
Category: ProductCart
Forum Name: Getting Started
Forum Description: Installing, activating, and getting started with ProductCart
URL: https://forum.productcart.com/forum_posts.asp?TID=3243
Printed Date: 30-November-2024 at 11:54pm
Software Version: Web Wiz Forums 12.04 - http://www.webwizforums.com


Topic: Web Application Penetration Testing?
Posted By: bryanb
Subject: Web Application Penetration Testing?
Date Posted: 25-November-2009 at 3:58pm
Greetings! Has anyone used a third-party auditing or security firm to perform web application penetration testing against a fully patched version of 3.x? We've performed and mitigated issues related to network penetration testing from a QSA; now I need to kick the testing into the application. If you've done this, who did you use and were you pleased with the service? What can I expect in terms of cost? Anything you would like to share about the experience would be great!

Thx!
Bryan



Replies:
Posted By: ProductCart
Date Posted: 25-November-2009 at 8:02pm
We know of several customers using McAfee Secure. We use it ourselves at Early Impact. You can sign up for free PCI compliance testing from McAfee (http://www.earlyimpact.com/productcart/mcafee/) and then upgrade to McAfee Secure here: http://www.earlyimpact.com/productcart/mcafee/

-------------
The ProductCart Team

Home of ProductCart shopping cart software - http://www.productcart.com


Posted By: loracady
Date Posted: 21-December-2009 at 11:40am
Speaking of McAfee Secure: We recently signed up for it. I keep getting notifications of vulnerabilities: 1. Login is not over a secure connection. I fixed that one (or so I thought, but I keep getting the notifications anyway). What else can I do to fix this vulnerability? 2. Today I received one that is really over my head: Potentially Exploitable SQL Injection on *****.asp. I am using ProductCart 3.51a. I don't have a clue how to fix this one. Any ideas?

(Edited by Hamish - Sorry Lorcady, See following post in a moment)


-------------
www.TheSleepShop.com


Posted By: Hamish
Date Posted: 21-December-2009 at 11:48am
Hi Lorcady,
Sorry, edited your post to remove the name of the page, just in case it's a real vulnerability, as it's not a good idea to indicate to the bad guys where to go and attack stores!
Please raise a support ticket so that we can investigate the issue in detail. Most of the time vulnerabilities are due to false alarms or site-specific edits, although the latter seems unlikely on this page.


-------------
Editing ProductCart Code?

See WIKI Guidelines for Editing ProductCart's ASP Source Code - http://wiki.earlyimpact.com/developers/editcode



Posted By: loracady
Date Posted: 21-December-2009 at 12:09pm

Hi Hamish--  Thanks for your response and your edit of my post!  I didn't buy my version of PC from Early Impact, so I can't raise a support ticket.  (At least I don't think I can.) 



-------------
www.TheSleepShop.com


Posted By: loracady
Date Posted: 21-December-2009 at 12:19pm

I'm buying the support plan in a minute. 



-------------
www.TheSleepShop.com


Posted By: Greg Dinger
Date Posted: 21-December-2009 at 12:22pm
I discussed the urgency of this matter with Lora and she is making arrangements to submit a ticket right away.

-------------
GreyBeard Design Group

Certified ProductCart Developer

Web Design/Development/Hosting

Add-Ons & Custom Code - http://tinyurl.com/5c8t4t


Posted By: Hamish
Date Posted: 21-December-2009 at 3:23pm
Hi,
   For those following this thread, who may be concerned, we can confirm there is not a security issue.


-------------
Editing ProductCart Code?

See WIKI Guidelines for Editing ProductCart's ASP Source Code - http://wiki.earlyimpact.com/developers/editcode



