Home  >  Forums  >  General  >  Security  >  Penetration Testing

Penetration Testing

Posted: October 02, 2017 at 7:34 AM Quote #193938
Hi,

We are currently accessing the feasibility of nopCommerce and have been asked about penetration testing, does anyone have any penetration testing reports they are willing to share or a case study we could look at?

Thanks.

Regards,
Shawn
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: October 02, 2017 at 9:57 AM Quote #193954
Please explain what do you mean by "penetration testing".
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Regards

Eduardo

www.tecnofin.com
nopCommerce Solution Partner
-----------------------------------------------------------
Developer of e-Commerce sites since 1996
Mexico - Chile- Colombia - Costa Rica - Peru
Desarrollo de sitios de comercio electrónico
Posted: October 02, 2017 at 10:21 AM Quote #193958
Hi,

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

What I am looking for is a report or case study from a company that had a pen test ran against their nopCommerce implementation. I'm not concerned with physical pen testing more around the software-based security vulnerabilities of the system.
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: October 02, 2017 at 11:00 AM Quote #193963
Have you checked other posts in this forum?
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Regards

Eduardo

www.tecnofin.com
nopCommerce Solution Partner
-----------------------------------------------------------
Developer of e-Commerce sites since 1996
Mexico - Chile- Colombia - Costa Rica - Peru
Desarrollo de sitios de comercio electrónico
Posted: October 02, 2017 at 11:00 AM Quote #193964
Duplicated
This post/answer is useful
0
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Regards

Eduardo

www.tecnofin.com
nopCommerce Solution Partner
-----------------------------------------------------------
Developer of e-Commerce sites since 1996
Mexico - Chile- Colombia - Costa Rica - Peru
Desarrollo de sitios de comercio electrónico
Posted: October 02, 2017 at 11:29 AM Quote #193966
I checked the forum before posting the only post that mentions pen testing is over 4 years old and it's not exactly conclusive:

https://www.nopcommerce.com/boards/t/25574/penetration-testing.aspx

the outcome being,I think this software (HP Fortify) is a bit weird and currently useless. What does this list of "vulnerable" file names mean? jQuery library? How exactly these vulnerabilities could be used?

I was looking for something with more detail, if nothing exists that's fine we will have to run our own tests.

Regards,
Shawn
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Posted: October 03, 2017 at 1:44 AM Quote #194010
Shawn,

I don't remember such test results available on forum. May be you can share it when you're done for future use. Make sure to share it privately with nopCommerce team first if there are severe security issues, so they can patch them before the details are publicly available.

Regards
This post/answer is useful
1
This post/answer is not useful

Please login or register
to vote for this post.

(click on this box to dismiss)
Pls up-vote the answer, if it helps you! :)

nopAccelerate - Faster, Reliable & Scalable nopCommerce
http://www.nopAccelerate.com/

nopCommerce Solution Partner
Microsoft Action Pack Partner

nopCommerce | Solr | Performance | Azure | BI | Analytics
Premium support services
  • Dedicated premium support services provided by core developers are intended for persons who run mission critical websites, work on projects with tight deadlines, or want to get dedicated support.
Professional services
  • Want to open a new store? Want to take your store to the next level? Need a custom extension? We can customize nopCommerce to fit your store perfectly. Request a quote to get started.
eCommerce CONFERENCE 2017
Learn more