I was wondering if anyone has performed a penetration test on 3.10?
I just ran it through HP Fortify on demand free and it came back with some issues relating to cross-site scripting, open redirect, code injection and header manipulation.
I think this software (HP Fortify) is a bit weird and currently useless. What does this list of "vulnerable" file names mean? jQuery library? How exactly could these vulnerabilities be used?
You're absolutely right, Andrei. The most complete and widely used penetration testing software is the Acunetix Vulnerability Scanner and, believe me, I do run it for every release build and every upgrade. It has never found anything to worry about, something really hard to maintain with the frequent releases and/or fixes nop has.
Just recently passed PCI Compliance with McAfee (excluding SSL as it was not installed at that moment). That was really heavy bombing of our website with dangerous requests. So, NopCommerce is safe to use.