What is Penetration Testing and How Does it Help Ecommerce Sites?


In this day and age, pretty much every self-respecting business will have at least a minimal online shopping service. As traditional ‘bricks and mortar’ stores are gradually being shunned in favour of buying goods online, retailers large and small should consider taking every precaution to protect themselves and their customers, much as they would with a physical store.

Cyber security should be one of any business’s top priorities, particularly if a large part of their business is done online. Online sales in the UK jumped by 10% in April, suggesting that demand for ecommerce is still healthy. However, the safety of online stores isn’t always what it should be, which is where penetration testing comes in.

Performing Checks

Penetration testing is a series of checks that IT experts perform on websites. These checks are done to see whether a website is impervious to hacking and, if not, where hackers can get into the site. The people performing the test fully intend to get into the website, to find out what kinds of information they can reach and how the site responds to attacks.

A typical test simulates a cyber attack, in that it sends a lot of web traffic to a particular part of an ecommerce site. The first target would be the shopping cart which, in the eyes of cybercriminals, would carry the most financial rewards. For ecommerce operations, the whole network behind a website is targeted too. Then, at the end of testing, the “white hat” attackers report back.

Lessons Learned

Once penetration testing is finished, the website owners should receive feedback about where the vulnerabilities lie, if there are any. A solution will be suggested for each flaw, but what might those solutions be? If it’s really easy for a hacker to get into the shopping cart and obtain bank card details, items such as an SSL (Secure Sockets Layer) certificate are needed to add a greater layer of security.

Other common vulnerabilities found by penetration testing of ecommerce sites include:

  • Weak or non-existent authentication – only usernames and passwords being needed by customers to log in to a site
  • Price manipulation – where hackers can insert code into a page, allowing them to change product prices for their benefit
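
The price manipulation finding above, as an added example that is not part of the original article: it assumes the flaw takes the form of a checkout that trusts a unit price submitted by the browser, and contrasts that with a total computed from the server's own catalogue plus a check that flags altered prices for review. The catalogue, SKUs, cart format and function names are all constructed for illustration.

```python
from decimal import Decimal

# Constructed sample catalogue: the server-side source of truth for prices.
CATALOGUE = {
    "sku-1001": Decimal("49.99"),
    "sku-2002": Decimal("5.00"),
}

class CartError(ValueError):
    """Raised when a submitted cart cannot be priced safely."""

def total_trusting_client(cart):
    """Vulnerable pattern: uses the unit price sent by the browser."""
    return sum(Decimal(str(item["price"])) * item["qty"] for item in cart)

def total_server_side(cart, catalogue=CATALOGUE):
    """Hardened pattern: ignores client prices, validates SKU and quantity."""
    total = Decimal("0")
    for item in cart:
        sku, qty = item.get("sku"), item.get("qty")
        if sku not in catalogue:
            raise CartError(f"unknown SKU: {sku!r}")
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 100:
            raise CartError(f"invalid quantity for {sku}: {qty!r}")
        total += catalogue[sku] * qty
    return total

def price_mismatches(cart, catalogue=CATALOGUE):
    """Detection: list SKUs whose submitted price differs from the catalogue."""
    return [item["sku"] for item in cart
            if item.get("sku") in catalogue and "price" in item
            and Decimal(str(item["price"])) != catalogue[item["sku"]]]

# Constructed request body in which one price field has been altered.
TAMPERED_CART = [
    {"sku": "sku-1001", "qty": 2, "price": "0.01"},
    {"sku": "sku-2002", "qty": 1, "price": "5.00"},
]

if __name__ == "__main__":
    print("client-trusting total:", total_trusting_client(TAMPERED_CART))
    print("server-side total:    ", total_server_side(TAMPERED_CART))
    print("flag for review:      ", price_mismatches(TAMPERED_CART))
```

The quantity check matters as much as the price lookup: a negative or zero quantity would otherwise reduce the total even when the unit price is correct.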

Whatever flaws are found, it is essential to act on them straight away. Knowing what the flaws are will enable ecommerce site owners to improve security, helping themselves and their customers.


Paul Tomaszewski is a science & tech writer as well as a programmer and entrepreneur. He is the founder and editor-in-chief of CosmoBC. He has a degree in computer science from John Abbott College, a bachelor's degree in technology from the Memorial University of Newfoundland, and completed some business and economics classes at Concordia University in Montreal. While in college he was the vice-president of the Astronomy Club. In his spare time he is an amateur astronomer and enjoys reading or watching science-fiction. You can follow him on LinkedIn and Twitter.
