Prestashop is an open source software for creating and managing e-commerce websites. Developed in 2007 by five engineers from Epitech school, Prestashop is now used by more than 250,000 e-commerce websites in the world (50,000 in France). In France this CMS represents 34% of market shares, 10 years after its launch. With an interface relatively similar to Wordpress, the software allows you to easily manage your e-commerce website (content, products and payments management,...). Not requiring any special technical knowledge, this CMS has become very popular among e-merchants for its simplicity of use and its handiness.
If the basic features are not sufficient, it is quite possible to extend it. Indeed, like any CMS, Prestashop offers a bunch of modules on its "market". Everyone can develop his own module and share it to the members of the Prestashop community. In addition to the modules, themes are available to customize your online shop.
Prestashop is more and more popular among web user, and is also often the victim of cyber attacks. Modules and themes are developed by the community but not always verified by professionals. These ones can cause vulnerabilities that could compromise your website availability and your data integrity.
If you used Prestashop, you have probably heard about this security flaw which compromised all versions up to 1.6.1. This vulnerability was present in the password generation system of the administration. The passwords were not enough randomly generated and could be predicted (under certain complex conditions) by a malicious person. This vulnerability can have serious consequences because a malicious person, with an access to the administration, would have total control of the e-commerce website. He could be able to add, delete or modify prices, access to all your data (customer information), act on the availability of your website... Even if this vulnerability has been corrected by Prestashop, it has nevertheless potentially affected all sites using this technology since all the versions were impacted.
HTTPCS experts developed a plugin to identify and validate website. Once validated, it can be analyzed by our vulnerabilities detection technology. Aware of the impact caused by the vulnerabilities present in the CMS, our tool will enable you to ensure the security of your website despite the multiple updates of themes, plugins and the software itself. Do not wait to be victim of an attack to protect your website. Take a proactive approach using HTTPCS technology.
Our "HTTPCS Validation" plugin will be available for free soon. Once installed you will have to fill in some informations about your contact details. The plugin will make a unique file on your server which will allow the HTTPCS service to validate your website. This identification file is essential to our technology. Without it, you will not be able to launch the vulnerability scanner.