philee Posted November 8, 2011

Should I hire a security team to audit my Prestashop? How secured is PS 1.4.5.1?

Possible vulnerabilities?
- Template being hi-jacked
- Modules
- Shell Injection
- SQL Injection
- XSS vulnerabilities
- Database being compromised
- Defacement and etc.

I have a lot of Add-On modules (not anything near a PS out-of-the-box).

gkontos Posted November 8, 2011

Hi philee,

an out of the box installation is not very secured. Security of your prestashop is also related to the environment that is hosting your shop.

What we usually do is:
- Restrict .tpl access for template hi-jacking
- Deny access in apache directive to directories like /classes /config /tools
- Avoid world writable files and directories
- Use a web application firewall that can determine and prevent most attacks related to:
  - scanners
  - sql injections
  - xss attacks
  - trojans
  - correlation
  - protocol violations

Generally speaking add-on modules and templates are more difficult to secure so we often customize special firewall signatures for them.

Best Regards,
George

philee Posted November 8, 2011

Hi gkontos,

Thanks for answering my questions.

For protecting my .TPL, I used: http://catalogo-onlinersi.com.ar/en/add-ons-prestashop-modules/229-potect-rsi-prestashop-module.html

I will ask my host to deny access for those three sub-folders: /classes /config /tools

File Permission:
- Folder - 755
- Files - 644

Haven't used any security audit tools on my site yet.

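The filesystem side of the checklist in this exchange (folders 755, files 644, nothing world-writable, a deny rule on /classes, /config and /tools), as an added shell example that is not part of the thread. The function names and the sample tree are constructed, and the script assumes the deny rule is written as a per-directory .htaccess (`Deny from all` or `Require all denied`) rather than in the virtual-host configuration.

```sh
#!/bin/sh
# Paths any local user can write to (symlinks skipped: their own mode is not enforced).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Directories not exactly 755 and regular files not exactly 644.
mode_drift() {
    find "$1" \( \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) \) -print
}

# Of classes/, config/ and tools/, print those with no deny rule in their .htaccess.
# Assumption: the deny lives in a per-directory .htaccess, not in the vhost config.
undenied_dirs() {
    for d in classes config tools; do
        [ -d "$1/$d" ] || continue
        grep -Eiqs '^[[:space:]]*(deny from all|require all denied)' "$1/$d/.htaccess" \
            || printf '%s\n' "$1/$d"
    done
}

# Constructed sample tree: upload/ is world-writable, config/ has no deny rule.
make_sample_tree() {
    s=$(mktemp -d) || return 1
    mkdir -p "$s/classes" "$s/config" "$s/tools" "$s/upload"
    printf 'Deny from all\n' > "$s/classes/.htaccess"
    printf 'Require all denied\n' > "$s/tools/.htaccess"
    printf '<?php // constructed\n' > "$s/config/settings.inc.php"
    chmod 755 "$s" "$s/classes" "$s/config" "$s/tools"
    chmod 644 "$s/classes/.htaccess" "$s/tools/.htaccess" "$s/config/settings.inc.php"
    chmod 777 "$s/upload"
    printf '%s\n' "$s"
}

# Print labelled findings; return 1 if there are any, 0 if the tree is clean.
audit() {
    out=$(
        world_writable "$1" | sed 's/^/WORLD-WRITABLE /'
        mode_drift "$1" | sed 's/^/MODE-DRIFT /'
        undenied_dirs "$1" | sed 's/^/NO-DENY-RULE /'
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Usage: sh audit.sh /path/to/shop (with no argument only the functions are defined)
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

A directory that must stay writable by the web server shows up under MODE-DRIFT; that is a prompt to review it, not necessarily a misconfiguration.
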
gkontos Posted November 8, 2011

Hi philee,

They look like a good starting point. If you like a security audit on your site, we can perform one for free for you. In order for this to happen, we will have to determine that the site is really yours and your host must agree to this since they will receive a lot of "illegitimate traffic"!

Please feel free to contact me for further details.

Best Regards,
George

PariGupta Posted June 30, 2012

Anyone can please tell me how to do security audit in prestashop1.4.7... I badly need this...