Astra Web Security Blog - Website & CMS Security News


Cross Site Scripting XSS - Astra Security

Cross-Site Scripting (XSS) attacks are cited as one of the most rampant yet easily fixable injection attacks faced by e-commerce businesses and a variety of other web applications. From applications built on archaic web technologies to newer ones using rich, client-side UIs, XSS has plagued them all. However, it is imperative to realize that vulnerabilities posing as a…

The DefenceCode team recently disclosed a severe new 0-day Magento vulnerability in an advisory. If your store is vulnerable, attackers can remotely execute arbitrary code. As of now, the vulnerability has been confirmed for the Magento Community edition, as the researcher did not test the Enterprise edition. But since both versions use the same base code, there is…

Magento-Module-XSS-AffiliatePlus-GetAstra.com

A couple of weeks ago, we were performing a security scan for a customer running a Magento shop. While auditing their website, our team found a critical vulnerability in the Affiliate Plus module. According to Affiliate Plus' website, 7000+ stores use the extension. This Affiliate Plus Magento module XSS vulnerability leaves a number of Magento stores vulnerable. About Affiliate Plus Magento Module XSS: When logged…

Lately, Magento has been in the news owing to frequent attacks on its payment security system. In a recent case, credit card scrapers targeted the payment security system of Magento stores in order to steal credit card information. Consequently, Magento has been wary of vulnerabilities in its system and, in a prudent attempt, regularly releases security patches as…

Arguably the most common question small business owners ask when they are asked about security is, "Why would anyone hack me? I'm just a small business owner." People should understand the greater consequences which await their immediate attention. Truth be told, small and medium-sized businesses are targeted by hackers the most. Here's why hackers hack small and medium businesses…

E-commerce security is often not the top priority of store owners. To draw an analogy between physical stores and electronic retail stores: people invest in the security of their physical stores with CCTV cameras, alarm systems, door locks and more. This arrangement is made to protect against shoplifting. People need to understand that shoplifting, when done in electronic…

As e-commerce platforms worldwide opt for stronger security measures, attackers are constantly developing new techniques to compromise these platforms and steal sensitive information provided by customers. A recent cyber crime case, which aimed to steal credit card data by compromising Magento’s payment security, sheds light on the susceptible state of web security and the dire need for a stronger…

Dr. Jan Van Den Berg is a Full Professor of Cyber Security at the Faculties of EEMCS and TPM (TU Delft), Full Professor of Cyber Security at the Faculty of Governance & Global Affairs (LU), and Scientific Director of the Cyber Security Academy The Hague. Since January, he has also been an honorary professor at Amity University within the Amity School of Engineering and Technology. We recently got into a…
