Projects

How not to suck at data validation and output: Security is an important aspect of web application development. In this talk we’ll have a look at the methods and ways Magento 1 and 2 provide to increase security.

This official guide published by Magento outlines a multifaceted approach to improve the security of your Magento installation. I was a co-contributor to the publication and also volunteered to answer questions on both the Official Magento Community Forums and the Magento Stack Exchange site. Content from the forum posts that we created was used as the basis for this Magento Security Best Practices Guide.

Current Version: https://magento.com/security/best-practices/security-best-practices

Co-Contributors:

  • Piotr Kaminski
  • Anna Völkl
  • Willem de Groot
  • Robert Mangiafico
  • Roman Tsiupa

I was approached by a client who had received a notice from their host because their site had been breached and, as part of the breach, phishing pages were hosted on their server. As part of the engagement I cleaned the malware off the site, did a detailed audit of the code and made sure it was all clean. I also introduced additional security measures like HTTP auth for admin pages, IP-based SSH restrictions, key-based SSH auth, and database cleanup.

Performed a full security audit, identified and removed malicious code and entry points. Improved security by moving to a hardened custom AWS environment and got the store whitelisted within 2 days. Set up a version-controlled multi-developer workflow with GitHub.

Names2glue Security Patches 24 hours 2 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Angy Security Patches 24 hours 2 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

EbaFestas Security Patches 24 hours 2 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344

Marukom Security Patches 24 hours 2 months ago

SUPEE-8788, SUPEE-5994, SUPEE-6285, SUPEE-7405, SUPEE-6788, SUPEE-5344
