ProductCart Shopping Cart Software Forums : Web Application Penetration Testing?

ProductCart Shopping Cart Software Forums : Web Application Penetration Testing? https://forum.productcart.com/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Sat, 11 Apr 2026 07:17:03 +0000 Mon, 21 Dec 2009 15:23:29 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.04 360 https://forum.productcart.com/RSS_post_feed.asp?TID=3243 <![CDATA[ProductCart Shopping Cart Software Forums]]> https://forum.productcart.com/forum_images/pc_logo_50.png https://forum.productcart.com/ <![CDATA[Web Application Penetration Testing? : Hi, For those following this thread,...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12427.html#12427 Author: Hamish
Subject: 3243
Posted: 21-December-2009 at 3:23pm

Hi,
For those following this thread, who may be concerned, we can confirm there is not a security issue.
]]> Mon, 21 Dec 2009 15:23:29 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12427.html#12427 <![CDATA[Web Application Penetration Testing? : I discussed the urgency of this...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12426.html#12426 Author: Greg Dinger
Subject: 3243
Posted: 21-December-2009 at 12:22pm

I discussed the urgency of this matter with Lora and she is making arrangements to submit a ticket right away.]]> Mon, 21 Dec 2009 12:22:12 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12426.html#12426 <![CDATA[Web Application Penetration Testing? : I'm buying the support plan...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12425.html#12425 Author: loracady
Subject: 3243
Posted: 21-December-2009 at 12:19pm

I'm buying the support plan in a minute.

]]> Mon, 21 Dec 2009 12:19:23 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12425.html#12425 <![CDATA[Web Application Penetration Testing? : Hi Hamish-- Thanks for your response...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12424.html#12424 Author: loracady
Subject: 3243
Posted: 21-December-2009 at 12:09pm

Hi Hamish-- Thanks for your response and your edit of my post! I didn't buy my version of PC from Early Impact, so I can't raise a support ticket. (At least I don't think I can.)

]]> Mon, 21 Dec 2009 12:09:16 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12424.html#12424 <![CDATA[Web Application Penetration Testing? : Hi Lorcady, Sorry, edited your...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12423.html#12423 Author: Hamish
Subject: 3243
Posted: 21-December-2009 at 11:48am

Hi Lorcady,
Sorry, edited your post to remove the name of the page, just in case it's a real vulnerability as it's not a good idea to indicate to the bad guys where to go and attack stores !
Please raise a support ticket so that we can investigate the issue in detail. Most of the time vulnerabilities are due to false alarms or site specific edits, although the latter seems unlikely on this page.
]]> Mon, 21 Dec 2009 11:48:26 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12423.html#12423 <![CDATA[Web Application Penetration Testing? : Speaking of McAfee Secure: We...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12422.html#12422 Author: loracady
Subject: 3243
Posted: 21-December-2009 at 11:40am

Speaking of McAfee Secure: We recently signed up for it. I keep getting notifications of vulnerabilities: 1. Login is not over a secure connection. I fixed that one (or so I thought, but I keep getting the notifications anyway.) What else can I do to fix this vulnerability? 2. Today I received one that is really over my head: Potentially Exploitable SQL Injection on *****.asp. I am using Product Cart 3.51a. I don't have a clue how to fix this one. Any ideas?

(Edited by Hamish - Sorry Lorcady, See following post in a moment)

Edited by Hamish - 21-December-2009 at 11:42am]]> Mon, 21 Dec 2009 11:40:03 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12422.html#12422 <![CDATA[Web Application Penetration Testing? : We know of several customers using...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12133.html#12133 Author: ProductCart
Subject: 3243
Posted: 25-November-2009 at 8:02pm

We know of several customers using McAfee Secure. We use it ourselves at Early Impact. You can sign up for free PCI compliance testing from McAfee and then upgrade to McAfee Secure here.]]> Wed, 25 Nov 2009 20:02:10 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12133.html#12133 <![CDATA[Web Application Penetration Testing? : Greetings! Has anyone used a third...]]> https://forum.productcart.com/web-application-penetration-testing_topic3243_post12129.html#12129 Author: bryanb
Subject: 3243
Posted: 25-November-2009 at 3:58pm

Greetings! Has anyone used a third party auditing or security firm to perform web application penetration testing against a fully patched version of 3.x? We've performed and mitigated issues related to network penetration testing from a QSA, now I need to kick the testing into the application. If you've done this, who did you use and were you pleased with the service? What can I expect in terms of cost? Anything you would like to share about the experience would be great!

Thx!
Bryan]]> Wed, 25 Nov 2009 15:58:37 +0000 https://forum.productcart.com/web-application-penetration-testing_topic3243_post12129.html#12129