What could possibly go wrong? Security in Magento Shops

Stolen customer data, unreachable shops, blackmail - there is a long list of possible attacks on Magento shops. Andreas von Studnitz, who has been working with Magento shops since 2008, talks about successful and attempted attacks, about security vulnerabilities and other risks. Learn what you as a shop manager can and should do to protect your shop against attacks of all kinds.

  1. What could possibly go wrong? Security in Magento Shops • Andreas von Studnitz • integer_net (Aken / Germany) • Consultant / Developer / Trainer / CEO • Specialist for Magento and Solr • @avstudnitz
  2. Real Life Example • One line of code added • Reads all requests in admin and checkout areas • Encodes and stores data in media/cache_6e0a32[…]d53ee065da
  3. Real Life Example • Active for 6 months! • 5,628 datasets (email address, name, telephone) • 1,612 passwords • All admin usernames and passwords
  4. Overview • Consequences of Attacks • Types of Attack • Prevention
  5. What can possibly go wrong? Consequences of Attacks
  6. www.ibm.com/security/data-breach/
  7. Stolen User Data
  8. Stolen Login Data
  9. Stolen Payment Data
  10. This guy lost more than 50,000 $ in a data breach
  11. Server Attacks
  12. (photo only)
  13. (photo only)
  14. How can this happen with Magento? Vulnerabilities
  15. Magento Unpatched • Neither installed the latest version • Nor applied important security patches • (Insecure PHP version)
  16. Example: Shoplift Bug (patched February 2015)
  17. Magento shops vulnerable to Shoplift: 50,581 (out of 255,558) • Source: byte.nl, April 2016
  18. Weakly secured Admin Area • http://magento.site/admin/ • http://magento.site/downloader/ • Username “admin” • Low security passwords
  19. What can an Attacker do with Admin Access? (1) 1. Log in 2. Upload a custom extension in the Magento Connect Manager (downloader)
  20. What can an Attacker do with Admin Access? (2) 1. Log in 2. Inject custom JavaScript in System => Configuration
  21. (photo only)
  22. Security issues in extensions • Custom or purchased extensions • SQL Injection, XSS, … • Backdoors • Installation service
  23. How can I prevent Attacks?
  24. 1. Follow basic Guidelines • Update Magento and PHP • Secure the admin area • Subscribe to the security mailing list
  25. 2. Check your Site
  26. 3. Do security reviews • Severe security issues found in more than 50% of my reviews
  27. Q & A • Please contact me! • @avstudnitz • avs@integer-net.com • @integer_net • www.integer-net.com
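
A defender-side check for the real-life example on slides 2 and 3, where collected data sat in a file under media/ for six months: this added example (not code from the presentation) flags files in a Magento media/ tree that do not belong there. The extension allow-list, the base64-like encoding and all sample file names are assumptions.

```python
import os
import re
import tempfile

# Assumed allow-list for a Magento media/ tree; tune it per shop.
EXPECTED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".svg", ".pdf", ".css", ".js"}
# Assumption: the dump is base64-like text (the slides only say "encodes").
ENCODED_TEXT = re.compile(rb"^[A-Za-z0-9+/=\s]{64,}$")

def classify(path):
    """Return a reason if the file looks out of place in media/, else None."""
    name = os.path.basename(path)
    if name == ".htaccess" or os.path.splitext(name)[1].lower() in EXPECTED_EXT:
        return None
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if b"<?php" in head:
        return "php-code"
    return "encoded-text" if ENCODED_TEXT.match(head) else "unexpected-type"

def scan_media(root):
    """Walk root; return sorted (relative_path, reason) pairs for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, n) for n in files):
            reason = classify(full)
            if reason:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, reason))
    return sorted(findings)

def demo():
    """Scan a constructed media/ tree (all file names and contents are made up)."""
    samples = {
        "catalog/product/shirt.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        ".htaccess": b"Options -Indexes\n",
        "cache_0123abcd": b"ZW1haWw9YUBleGFtcGxlLmNvbQ==" * 4 + b"\n",
        "catalog/helper.php": b"<?php echo 1;",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return scan_media(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:<16} media/{rel}")
```

Run on a schedule against the real media/ directory, any new finding is a prompt to compare the shop's code against a known-good copy.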
