In this day and age, pretty much every self-respecting business will have at least a minimal online shopping service. As traditional ‘bricks and mortar’ stores are gradually being shunned in favour of buying goods online, retailers large and small should consider taking every precaution to protect themselves and their customers, much as they would with a physical store.
Cyber security should be one of any business’s top priorities, particularly if a large part of their business is done online. Online sales in the UK jumped by 10% in April, suggesting that demand for ecommerce is still healthy. However, the safety of online stores isn’t always what it should be, which is where penetration testing comes in.
Penetration testing is basically a series of checks that IT experts perform on websites. These checks are done to see if a website is completely impervious to hacking and, if not, where hackers can get into the site. When testing is performed, the people executing it have every intention of getting into the website, finding out what kinds of information they can get and how a site responds to attacks.
A typical test simulates a cyber attack, in that it sends a lot of web traffic to a particular part of an ecommerce site. The first target would be the shopping cart which, in the eyes of cybercriminals, would carry the most financial rewards. For ecommerce operations, the whole network behind a website is targeted too. Then, at the end of testing, the “white hat” attackers report back.
Once penetration testing is finished, the website owners should receive feedback about where any vulnerabilities lie. A solution will be suggested for each flaw, but what might those solutions be? If it’s really easy for a hacker to gain entry into the shopping cart and obtain bank card details, items such as an SSL (Secure Sockets Layer) certificate are needed to add a greater layer of security.
Other common vulnerabilities found by penetration testing of ecommerce sites include:
- Weak or non-existent authentication – only usernames and passwords being needed by customers to log in to a site
- Price manipulation – where hackers can insert code into a page, allowing them to change product prices for their benefit
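
One common mitigation for the price manipulation item above, shown as an added example that is not from the original article: the server recalculates the order total from its own catalogue and treats any price sent by the browser as untrusted. The catalogue, SKUs, field names and quantity limit are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample catalogue: product id -> unit price in pence.
# This server-side table is the only trusted source of prices.
CATALOGUE = {"SKU-100": 1999, "SKU-200": 4500}
MAX_QTY = 20  # assumed per-line quantity limit


@dataclass
class PricedOrder:
    total_pence: int
    # Product ids whose client-sent price disagreed with the catalogue.
    tampered_lines: list = field(default_factory=list)


def price_order(cart_lines):
    """Price a cart from the server catalogue, ignoring client-sent prices.

    cart_lines is a list of dicts as parsed from a checkout request, e.g.
    {"sku": "SKU-100", "qty": 2, "price": 1999}. The "price" field is
    untrusted; it is only compared with the catalogue so that tampering
    can be logged and investigated.
    """
    order = PricedOrder(total_pence=0)
    for line in cart_lines:
        sku = line.get("sku")
        qty = line.get("qty")
        if not isinstance(sku, str) or sku not in CATALOGUE:
            raise ValueError(f"unknown product: {sku!r}")
        # Reject non-integer, zero, negative or oversized quantities.
        # type() is used because bool is a subclass of int.
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise ValueError(f"invalid quantity for {sku}: {qty!r}")
        unit = CATALOGUE[sku]
        if "price" in line and line["price"] != unit:
            order.tampered_lines.append(sku)
        # Integer pence avoids floating-point rounding in totals.
        order.total_pence += unit * qty
    return order
```

A non-empty `tampered_lines` is worth logging alongside the account and source address, since it shows a request whose price was altered before submission.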
Whatever flaws are found, it is essential to act on them straight away. Knowing what the flaws are will enable ecommerce site owners to improve security, helping themselves and their customers.