Penetration Testing

Hi,

We are currently accessing the feasibility of nopCommerce and have been asked about penetration testing, does anyone have any penetration testing reports they are willing to share or a case study we could look at?

Thanks.

Regards,
Shawn

Please explain what do you mean by "penetration testing".

Hi,

Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

What I am looking for is a report or case study from a company that had a pen test ran against their nopCommerce implementation. I'm not concerned with physical pen testing more around the software-based security vulnerabilities of the system.

Have you checked other posts in this forum?

Duplicated

I checked the forum before posting the only post that mentions pen testing is over 4 years old and it's not exactly conclusive:

https://www.nopcommerce.com/boards/t/25574/penetration-testing.aspx

the outcome being,I think this software (HP Fortify) is a bit weird and currently useless. What does this list of "vulnerable" file names mean? jQuery library? How exactly these vulnerabilities could be used?

I was looking for something with more detail, if nothing exists that's fine we will have to run our own tests.

Regards,
Shawn

Shawn,

I don't remember such test results available on forum. May be you can share it when you're done for future use. Make sure to share it privately with nopCommerce team first if there are severe security issues, so they can patch them before the details are publicly available.

Regards