What Is Penetration Testing and How Does It Help Ecommerce Sites?

In this day and age, pretty much every self-respecting business will have at least a minimal online shopping service. As traditional ‘bricks and mortar’ stores are gradually being shunned in favour of buying goods online, retailers large and small should consider taking every precaution to protect themselves and their customers, much as they would with a physical store.

Cyber security should be one of any business’s top priorities, particularly if a large part of their business is done online. Online sales in the UK jumped by 10% in April, suggesting that demand for ecommerce is still healthy. However, the safety of online stores isn’t always what it should be, which is where penetration testing comes in.

Performing Checks

Penetration testing is basically a series of checks that IT experts perform on websites. These checks are done to see if a website is completely impervious to hacking and, if not, where hackers can get into the site. When testing is performed, the people executing it have every intention of getting into the website, finding out what kinds of information they can get and how a site responds to attacks.

A typical test simulates a cyber attack, in that it sends a lot of web traffic to a particular part of an ecommerce site. The first target would be the shopping cart which, in the eyes of cybercriminals, would carry the most financial rewards. For ecommerce operations, the whole network behind a website is targeted too. Then, at the end of testing, the “white hat” attackers report back.

Lessons Learned

Once penetration testing is finished, the website owners should receive feedback about where the vulnerabilities lie, if there are any. A solution will be suggested for each flaw. For example, if it’s really easy for a hacker to gain entry into the shopping cart and obtain bank card details, items such as an SSL (Secure Sockets Layer) certificate are needed to add a greater layer of security.

Other common vulnerabilities found by penetration testing of ecommerce sites include:

  • Weak or non-existent authentication – only usernames and passwords being needed by customers to log in to a site
  • Price manipulation – where hackers can insert code into a page, allowing them to change product prices for their benefit
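
The usual fix for the price manipulation flaw above is to have the server ignore any price the browser submits and reprice the cart from its own records. The sketch below is an added example, not code from the original article; the catalogue, SKUs, field names and quantity limit are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample catalogue: the server's own price record (assumed names).
CATALOGUE = {"SKU-1001": Decimal("49.99"), "SKU-2002": Decimal("5.00")}
MAX_QTY = 100  # assumed per-line quantity limit


def total_trusting_client(cart):
    """Vulnerable pattern: charges whatever unit_price the browser sent."""
    return sum(Decimal(str(line["unit_price"])) * line["qty"] for line in cart)


def total_server_side(cart):
    """Hardened pattern: price every line from the catalogue.

    Returns (total, warnings). Each warning records a submitted price that
    differed from the catalogue, so the attempt can be logged and reviewed.
    """
    total = Decimal("0")
    warnings = []
    for line in cart:
        sku, qty = line.get("sku"), line.get("qty")
        if not isinstance(sku, str) or sku not in CATALOGUE:
            raise ValueError(f"unknown product: {sku!r}")
        # bool is a subclass of int, so exclude it explicitly
        if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= MAX_QTY:
            raise ValueError(f"invalid quantity for {sku}: {qty!r}")
        price = CATALOGUE[sku]
        submitted = line.get("unit_price")
        if submitted is not None:
            try:
                matches = Decimal(str(submitted)) == price
            except InvalidOperation:
                matches = False  # unparseable price counts as a mismatch
            if not matches:
                warnings.append(f"{sku}: client sent {submitted!r}, catalogue price is {price}")
        total += price * qty
    return total, warnings


if __name__ == "__main__":
    # Constructed request body in which the price field has been altered.
    tampered = [{"sku": "SKU-1001", "qty": 2, "unit_price": "0.01"}]
    print("trusting client:", total_trusting_client(tampered))
    print("server side:    ", total_server_side(tampered))
```

The quantity check matters as much as the price lookup: a negative or zero quantity would otherwise reduce the total even when the unit price is correct.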

Whatever flaws are found, it is essential to act on them straight away. Knowing what the flaws are will enable ecommerce site owners to improve security, helping themselves and their customers.

Paddy Crier is a 22-year-old history graduate keen to share his travel ambitions and experiences in informal yet informational contributions to this site. He has in the past stayed in a variety of accommodations ranging from luxurious 5-star hotels to the most basic of youth hostels, in destinations all around the world including Paphos, Paris, London, Sardinia, New York and Amsterdam. His contributions are not limited to these locations, however, as he has an in-depth knowledge of many other countries and cities and aims to inspire fellow travel enthusiasts to pursue their travel ambitions!