HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 44 guests and 1 member online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Vulnerabilities in shopping cart applications
EH-Net
May 21, 2013, 07:38:46 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Vulnerabilities in shopping cart applications  (Read 3804 times)
0 Members and 1 Guest are viewing this topic.
tormentor
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: June 19, 2009, 07:04:39 AM »
Hi all.
I am interested in web application security, and the last few months I was studing the shopping cart software which is used in the online shopping sites. Many of the shopping sites are under continious attack by malicious people in order to obtain credit card information from there, so in order to protect some shopping sites simply do not store the credit card information in their databases, but some of the sites do. I guess it depends of the shopping cart software.
So can you tell me more about this - which shopping cart applications store the credit card info and which don't? Are there any other methods of securing these applications against attacks ? How safe are some of the most popular shopping scripts out there ?

Thank you.
Logged
BillV
Hero Member
*****
Offline Offline

Posts: 1892


View Profile WWW
« Reply #1 on: June 19, 2009, 07:09:10 AM »
Can't say I've done much research specifically against shopping sites. But as with all web applications, there are certain vulnerabilities to look for. Sounds like a great learning experience.

You should have a look at the OWASP website
Logged
unsupported
Sr. Member
****
Offline Offline

Posts: 318


Unofficial Newbie Moderator


View Profile
« Reply #2 on: June 19, 2009, 07:33:46 AM »
If you want to research this in a practicle sense you can ook at Foundstone's free tools.  They have "Hacme" tools which will simulate online banking and shopping websites which are hackable here http://www.foundstone.com/us/resources-free-tools.asp.
Logged
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
ethicalhack3r
Full Member
***
Offline Offline

Posts: 139


View Profile WWW
« Reply #3 on: June 19, 2009, 11:58:04 AM »
In my opinion the safest way would not to store any cc details at all and instead use a third party processing company like google checkout or paypal, using an encrypted communication channel.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 1.091 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.