Security tests of the online store
Security testing of the online store for the Client’s brand, covering its resistance and susceptibility to attacks that enable data leakage or are capable of affecting the integrity of the system.
What we did
As part of the project, specialists from Sii tested the system in terms of:
- SQL injection vulnerabilities.
- Cross-Site Request Forgery (CSRF) vulnerabilities.
- Cross-Site Scripting (XSS) vulnerabilities.
- Unnecessary resource and information leakage.
- Cookie management.
- SSL/TLS encryption.
- File system access.
- Password policy.
The work was carried out remotely, from the perspective of a typical user of the online store, and concluded with a comprehensive test report that included all discovered vulnerabilities of the system and a number of practical recommendations, which helped to increase the security of the system.
On the basis of the provided report, the Client considered all comments and recommendations and implemented appropriate protection within the system, thus increasing its security and resistance to attacks.
Burp Suite Pro, nmap, Arachni, scanner, xsser, sqlmap, openssl, dirbuster, sslscan, ssltest, wfuzz and in-house tools