You have a website on Magento and you would like to make sure that this site is indeed secure. Don't look any further, we have the solution for your Magento website. HTTPCS offers you to ensure your cyber security. With its easy-to-use, turnkey online vulnerability scanner, discover your security vulnerabilities, their criticality levels and how to fix them. Protect yourself from hacking attempts. Nothing simpler, simply create an HTTPCS account and audit your site (configuration of your choice: default or customizable). Have you corrected your security flaws? Let your users know that their data are secure thanks to a certification seal. You will be compliant with ISO and RGPD law.
Magento is a Content Management System dedicated to the ecommerce website. Created in 2008 by the American company Varien, Magento is developed with an open source way. Very popular among e-merchants for the wealth of native features it offers, Magento has become the world market leader. With a simple and intuitive ergonomics, Magento does not require any special technical knowledge to be used. The strength of this solution is its ability to progress over time. In fact, it will allow you to move from a simple and basic online store, to more ambitious and complex projects, simply by making it evolve over the years and without having to change your tools.
Like its competitors, it is possible to develop extensions without necessarily being a professional developer. These extensions are available on the Magento's "market place". Themes are also available to download if you want to change the look of your interface.
With more than 800,000 developers, Magento is the CMS which has the largest and most active community. Regularly plugins and extensions are developed, allowing to implement, easily and at low cost, new features on your website. Extensions are developed by the community but are not always verified by professionals. They may contain vulnerabilities which could compromise the availability of your site and the integrity of your data.
In April 2017, web experts discovered a vulnerability to download and execute a malicious code on a server hosting an ecommerce store. With Magento, it is possible to add videos and images as thumbnails in the product list. It is within the feature which allows to recover the images and videos that is the vulnerability. The experts found that by pointing the image source to another file type (PHP for example), the latter is downloaded in order to be validated. If the tool finds that the file is not an image, an error will be returned but the file will not be deleted. The uploaded file on the server can now serve as a backdoor. A hacker could use it to navigate on the server, access configuration files, and retrieve database connection credentials of the site. The consequences could be disastrous as all customer informations would be compromised and bank details could be sold on the darknet, for example.
HTTPCS offers you a complete solution to protect your ecommerce website against piracy. Compatible with the Magento CMS, the vulnerability scanner detects the slightest security flaw. Despite the numerous updates of the themes, the extensions and the Magento software itself, a flaw can be identified at any time!
Don't wait until you are a victim of hacking to secure your website. A proactive approach is the key to secure your Magento website. Choose the HTTPCS SECURITY solution.
To go further in a cyber security approach, our 3 complementary tools offer a secure site: live verification of your site’s availability, the reliability of your content or an attack that is being prepared against your organization through cyber vigilance.
A Magento extension is provided free of charge. It is called "HTTPCS Validation" and makes it easier to identify your website. It allows to verify who the owner is, a mandatory step to scan your vulnerabilities.
Once downloaded and installed, please enter your contact information. The Magento extension will then create a single authentication file on your Magento website which will validate it.