.

Vulnerabilities in shopping cart applications

<<

tormentor

Newbie
Newbie

Posts: 1

Joined: Fri Jun 19, 2009 6:57 am

Post Fri Jun 19, 2009 7:04 am

Vulnerabilities in shopping cart applications

Hi all.
I am interested in web application security, and the last few months I was studing the shopping cart software which is used in the online shopping sites. Many of the shopping sites are under continious attack by malicious people in order to obtain credit card information from there, so in order to protect some shopping sites simply do not store the credit card information in their databases, but some of the sites do. I guess it depends of the shopping cart software.
So can you tell me more about this - which shopping cart applications store the credit card info and which don't? Are there any other methods of securing these applications against attacks ? How safe are some of the most popular shopping scripts out there ?

Thank you.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1911

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Jun 19, 2009 7:09 am

Re: Vulnerabilities in shopping cart applications

Can't say I've done much research specifically against shopping sites. But as with all web applications, there are certain vulnerabilities to look for. Sounds like a great learning experience.

You should have a look at the OWASP website
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Fri Jun 19, 2009 7:33 am

Re: Vulnerabilities in shopping cart applications

If you want to research this in a practicle sense you can ook at Foundstone's free tools.  They have "Hacme" tools which will simulate online banking and shopping websites which are hackable here http://www.foundstone.com/us/resources-free-tools.asp.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

ethicalhack3r

Full Member
Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Fri Jun 19, 2009 11:58 am

Re: Vulnerabilities in shopping cart applications

In my opinion the safest way would not to store any cc details at all and instead use a third party processing company like google checkout or paypal, using an encrypted communication channel.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software