OWASP and Code Review

Posted: March 13, 2014 at 3:01 PM Quote #118302
Our security team is asking for supporting documentation for assertions of the security of this app.  Essentially, what frameworks are used like OWASP to build the security of the application?  What makes nopCommerce secured?  Does code review happen and any specifics to go with that?  Anyone had success with valid and high quality penetration testing?  I'm just trying to make these people happy which is difficult.  Any links to supporting documentation would be fantastic!  We purchased the User Guide, nothing in there, I have perused the forums, again not finding what I need.  We intend on getting the premium support but not before these questions are answered.

Thanks in Advance!
Posted: March 13, 2014 at 11:38 PM Quote #118327
sdom726 wrote:
Essentially, what frameworks are used like OWASP to build the security of the application?

We did not use such frameworks. But some users tried (e.g. here). All reported issues have been fixed.

sdom726 wrote:
What makes nopCommerce secured? Does code review happen and any specifics to go with that?

Proper architecture, usage of the best security patterns, a lot of code approaches to avoid some other potential issues.
Interested in the dedicated Premium support services provided by core developers? Please visit http://www.nopcommerce.com/supportservices.aspx

Regards,
Andrei Mazulnitsyn
Posted: March 14, 2014 at 9:47 AM Quote #118359
Andrei,

I appreciate your quick response and the link to the bug fixes. Yikes! "Proper architecture", etc., that's like saying "trust me", and that's the issue with security folks: they don't trust much.

If anyone has more information that would be great!

TIA
Posted: January 09, 2019 at 2:49 AM Quote #217820
Hi,

Like the very first question, we are preparing an e-commerce grant scheme report and one of the questions is about OWASP with nopCommerce. We're using the latest version of nopCommerce. Can we get a confirmation that nopCommerce is compliant with this or from where I can get it?

Thanks
Posted: January 11, 2019 at 4:55 AM Quote #217898
Any feedback, please?