An e-commerce shop is a specific type of web application. Unlike a website, which mainly serves to inform customers about the company and its products, a shop handles a large amount of information about its users. For this reason, penetration tests of e-commerce applications have a wider scope than basic web application tests.
What information and data should be particularly protected in an e-commerce app?
- User login data (logins and passwords)
- Personal data of customers
- Order history
- Invoices
The dangers that can cause direct financial loss to the e-shop owner include:
- Price manipulation
- Fraudulent use of discount codes
- Temporary or total shop closure
- Swapping payment gateways
The e-commerce penetration tests we conduct include, in addition to testing web applications, the following elements:
- Verification of the purchasing process
- Analysis of the process involved in redeeming promotional coupons or other types of discounts
- Security tests of the ways in which personal data is stored (backups, servers and processes)
- Security analysis of integration with payment gateways
- Verification of the security of the CMS and its integration with the ERP system (if one exists)