Posted by Synopsys Editorial Team on March 30, 2015
Can your customers trust you to process their transactions and safeguard their personal information? Can you be sure online sales follow the business rules you’ve put in place?
If you are like most eCommerce companies, you’ve been pushing the envelope to create applications that are increasingly easy to use, accessible from any device, and personalized to your customers’ favorite content and buying habits. Your customers can browse a seemingly limitless menu of products and place orders anywhere, anytime, with the swipe of a finger.
Unfortunately, advances in eCommerce have also attracted a sophisticated wave of new security threats. Online criminals are bolder and more creative than ever in how they exploit eCommerce weaknesses, steal personal data, and disrupt sales. Just one successful attack can wreak havoc on your reputation and cost you money and customers.
So, what can you do to protect your business?
Specialized penetration testing is tailored to eCommerce functional modules and can identify issues specific to eCommerce design, including mobile payments and integrations with third-party vendors and products. Let’s dig deeper.
Four common categories of eCommerce vulnerabilities, or “flaws,” are described below. Make sure your penetration tests consider these scenarios so you can assess the impact a breach would have on your business.
Order management flaws consist of misuse and abuse of the order placement process. For example:
Coupon and reward management flaws are extremely complex in nature and include:
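The order-management and coupon flaws named above share one root cause: the server trusts figures (prices, quantities, totals, redemption counts) that the client controls. The following is an added example, not code from the original post or from Synopsys, showing the server-side checks a defender would want: the total is recomputed from the merchant's own catalogue, a client-supplied total that disagrees is treated as tampering, quantities must be positive integers, and a coupon is marked redeemed only after every other check has passed. The catalogue, the coupon table and the function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed sample catalogue: the server's own prices are the only
# source of truth for what an item costs.
CATALOGUE = {"sku-100": Decimal("49.99"), "sku-200": Decimal("5.00")}


@dataclass
class Coupon:
    code: str
    percent_off: int
    max_uses: int                      # total redemptions allowed
    used_by: set = field(default_factory=set)


# Constructed sample coupon: one redemption in total, 10% off.
COUPONS = {"WELCOME10": Coupon("WELCOME10", 10, 1)}


class OrderError(ValueError):
    """Raised for any order the server refuses to price or place."""


def price_order(items, coupon_code=None, user_id=None):
    """Recompute the order total from server-side data.

    items is a list of (sku, quantity) pairs as submitted by the client.
    Any price, discount or total the client sent is deliberately ignored.
    """
    if not items:
        raise OrderError("empty order")
    subtotal = Decimal("0")
    for sku, qty in items:
        if sku not in CATALOGUE:
            raise OrderError(f"unknown sku {sku!r}")
        # A zero or negative quantity would turn a line item into a credit;
        # bool is excluded because True would otherwise count as quantity 1.
        if isinstance(qty, bool) or not isinstance(qty, int) or qty <= 0:
            raise OrderError(f"invalid quantity for {sku!r}")
        subtotal += CATALOGUE[sku] * qty
    discount = Decimal("0")
    if coupon_code:
        coupon = COUPONS.get(coupon_code.strip().upper())
        if coupon is None:
            raise OrderError("unknown coupon")
        # Per-user reuse and the global redemption cap are both enforced.
        if user_id in coupon.used_by or len(coupon.used_by) >= coupon.max_uses:
            raise OrderError("coupon already redeemed")
        discount = (subtotal * coupon.percent_off / 100).quantize(Decimal("0.01"))
    return subtotal - discount


def place_order(items, claimed_total, coupon_code=None, user_id=None):
    """Validate, then commit.

    A client-supplied total that disagrees with the server's figure is a
    tampering signal and is rejected (and worth logging) rather than
    honoured; the coupon is marked used only after every check has passed.
    """
    total = price_order(items, coupon_code, user_id)
    if Decimal(str(claimed_total)) != total:
        raise OrderError(f"client total {claimed_total} != server total {total}")
    if coupon_code:
        COUPONS[coupon_code.strip().upper()].used_by.add(user_id)
    return total


def rejection_reason(fn, *args):
    """Return the OrderError message for a rejected call, or None if accepted."""
    try:
        fn(*args)
        return None
    except OrderError as exc:
        return str(exc)
```

Every reason string returned by `rejection_reason` is a candidate detection signal: a client total that never matches, repeated negative quantities, or bursts of "coupon already redeemed" from one account are exactly the patterns a penetration test of these modules tries to produce.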
Some of the most popular attacks on eCommerce applications exploit insecure integration with third-party payment gateways. Examples include:
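An insecure gateway integration typically fails on the merchant side, where the "payment result" notification is accepted without proving it came from the gateway or that it pays for the order in full. The following added example (not code from the original post, from Synopsys, or from any real gateway) shows the merchant-side handler a defender would want. It assumes a hypothetical gateway that signs notifications with HMAC-SHA256 over sorted `key=value` pairs using a shared secret; the secret, the orders and the helper `gateway_notification` that builds signed sample input are all constructed for illustration.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed placeholder for the shared secret issued by the gateway.
GATEWAY_SECRET = b"constructed-shared-secret-replace-me"

# Constructed sample orders as stored server-side at checkout time.
ORDERS = {
    "ord-1001": {"amount": Decimal("89.98"), "currency": "USD", "status": "pending"},
    "ord-1002": {"amount": Decimal("49.99"), "currency": "USD", "status": "pending"},
}
PROCESSED_TXNS = set()   # gateway transaction ids already applied


def canonical(payload):
    """Deterministic byte string both sides sign (assumed format: sorted
    key=value pairs joined by '&', with the signature field excluded)."""
    return "&".join(f"{k}={payload[k]}" for k in sorted(payload) if k != "signature").encode()


def sign(payload):
    return hmac.new(GATEWAY_SECRET, canonical(payload), hashlib.sha256).hexdigest()


def handle_callback(payload):
    """Apply a gateway payment notification to the order it names.

    Returns a short verdict string; only 'accepted' changes order state.
    """
    # 1. Authenticity: constant-time comparison of the HMAC.
    if not hmac.compare_digest(payload.get("signature", ""), sign(payload)):
        return "rejected: bad signature"
    # 2. The order must be ours.
    order = ORDERS.get(payload.get("order_id"))
    if order is None:
        return "rejected: unknown order"
    # 3. Idempotency: a replayed notification must not re-trigger fulfilment.
    txn_id = payload.get("txn_id")
    if not txn_id or txn_id in PROCESSED_TXNS:
        return "ignored: duplicate transaction"
    if order["status"] != "pending":
        return "ignored: order already settled"
    if payload.get("status") != "paid":
        return "rejected: payment not successful"
    # 4. The amount the gateway actually collected must equal what we charged,
    #    in the same currency; a valid signature over a smaller amount is not enough.
    try:
        paid = Decimal(str(payload.get("amount")))
    except InvalidOperation:
        return "rejected: malformed amount"
    if paid != order["amount"] or payload.get("currency") != order["currency"]:
        return "rejected: amount mismatch"
    PROCESSED_TXNS.add(txn_id)
    order["status"] = "paid"
    return "accepted"


def gateway_notification(order_id, txn_id, amount, status="paid", currency="USD"):
    """Build a signed notification the way the assumed gateway would.
    Exists only to construct sample input for this example."""
    payload = {"order_id": order_id, "txn_id": txn_id, "amount": amount,
               "currency": currency, "status": status}
    payload["signature"] = sign(payload)
    return payload
```

The check order matters: signature first, so nothing else is evaluated on unauthenticated input; transaction id and order state next, so a replay is harmless; amount and currency last, so a genuinely signed notification for the wrong sum still does not release goods.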
Most eCommerce applications have back-end content management systems to upload and update content. These systems are often integrated with those of re-sellers, content providers, and partners such as franchises or booking partners. Having more partners leads to more complexity, so it’s important to watch for the following red flags:
Do you sell physical or digital items, handle money or payments, or store sensitive visitor information? Then you need eCommerce-specific penetration testing.
Your online business depends on secure management. As eCommerce threats evolve and hackers become even more savvy, even the most cutting-edge systems are vulnerable to attack.
Make sure your application testing team or any testing partner you use understands the importance of penetration testing in an eCommerce environment and can include ethical hacking scenarios that map to your business process.
Remember that finding the issues is only the first step in defending against hackers. Once your penetration tests identify the flaws, it’s time to put together a plan for secure design so you – and your customers – can fully trust in your eCommerce applications.