|
Web Application Penetration Testing? |
Post Reply 
|
| Author | |
Hamish 
Admin Group 
Joined: 12-October-2006 Location: United Kingdom Status: Offline Points: 56 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Web Application Penetration Testing?Posted: 21-December-2009 at 3:23pm |
|
Hi,
For those following this thread, who may be concerned, we can confirm there is not a security issue. |
|
 |
|
|
Greg Dinger
Certified ProductCart Developers 
Joined: 23-September-2006 Location: United States Status: Offline Points: 238 |
Post Options
Thanks(0)
Quote Reply
Posted: 21-December-2009 at 12:22pm |
|
I discussed the urgency of this matter with Lora and she is making arrangements to submit a ticket right away.
|
|
|
|
|
loracady
Newbie 
Joined: 28-December-2007 Location: United States Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 21-December-2009 at 12:19pm |
|
I'm buying the support plan in a minute. |
|
|
www.TheSleepShop.com
|
|
|
|
|
loracady
Newbie
Joined: 28-December-2007 Location: United States Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 21-December-2009 at 12:09pm |
|
Hi Hamish-- Thanks for your response and your edit of my post! I didn't buy my version of PC from Early Impact, so I can't raise a support ticket. (At least I don't think I can.) |
|
|
www.TheSleepShop.com
|
|
|
|
|
Hamish
Admin Group
Joined: 12-October-2006 Location: United Kingdom Status: Offline Points: 56 |
Post Options
Thanks(0)
Quote Reply
Posted: 21-December-2009 at 11:48am |
|
Hi Lorcady,
Sorry, edited your post to remove the name of the page, just in case it's a real vulnerability as it's not a good idea to indicate to the bad guys where to go and attack stores ! Please raise a support ticket so that we can investigate the issue in detail. Most of the time vulnerabilities are due to false alarms or site specific edits, although the latter seems unlikely on this page. |
|
|
|
|
loracady
Newbie
Joined: 28-December-2007 Location: United States Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 21-December-2009 at 11:40am |
|
Speaking of McAfee Secure: We recently signed up for it. I keep getting notifications of vulnerabilities: 1. Login is not over a secure connection. I fixed that one (or so I thought, but I keep getting the notifications anyway.) What else can I do to fix this vulnerability? 2. Today I received one that is really over my head: Potentially Exploitable SQL Injection on *****.asp. I am using Product Cart 3.51a. I don't have a clue how to fix this one. Any ideas?
(Edited by Hamish - Sorry Lorcady, See following post in a moment) Edited by Hamish - 21-December-2009 at 11:42am |
|
|
www.TheSleepShop.com
|
|
|
|
|
ProductCart
Admin Group
ProductCart Team Joined: 01-October-2003 Status: Offline Points: 135 |
Post Options
Thanks(0)
Quote Reply
Posted: 25-November-2009 at 8:02pm |
|
We know of several customers using McAfee Secure. We use it ourselves at Early Impact. You can sign up for free PCI compliance testing from McAfee and then upgrade to McAfee Secure here.
|
|
|
|
|
bryanb
Newbie
Joined: 25-November-2009 Status: Offline Points: 0 |
Post Options
Thanks(0)
Quote Reply
Posted: 25-November-2009 at 3:58pm |
|
Greetings! Has anyone used a third party auditing or security firm to perform web application penetration testing against a fully patched version of 3.x? We've performed and mitigated issues related to network penetration testing from a QSA, now I need to kick the testing into the application. If you've done this, who did you use and were you pleased with the service? What can I expect in terms of cost? Anything you would like to share about the experience would be great!
Thx! Bryan |
|
|
|
|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options