I suggest you ...

Tool for Security Testing

Create a tool for licensed users that embeds all known hacks against X-cart to test for all known things that an X-cart owner should do to prevent hacks. To avoid malicious use, perhaps this is a compiled tool and perhaps a licensed user can only run it on their own licensed site (something for you to think about). In terms of how this would report feedback to the user, as a guideline, your error reporting on installation is very useful to test for hosting compliance at the hosting site. A similar reporting mechanism could be employed in this new security tool where warnings are explained in terms of what to fix (like the one in your install tool for changing privileges on 4 files). For installation, the installation wizard was very clear what to fix and then retest. This would be a great benefit to know that everything that should have been done and could have been done for security is done. If there is a new hack, the tool will capture the test and a memo can go out to customers to run the new version of the tool. Think of this like software specific "anti-virus" in terms of keeping up with all known intrusion methods, even though the tool isn't related to viruses but to hacks.

13 votes

Rodney McInnis shared this idea


  • Andreas Dinesen commented

    This could include some tests on both the filesystem permissions as well as possible threats on SQL injections.

    The best would be a new module or paid add-on like some software firewalls/protection systems that have been made for Joomla!

  • Jon Wong commented

    I did have one ecommerce site hacked one time. The site was created using osCommerce. I do not remember if it was a hired developer or a hacker who inserted a PHP file. The hacker can execute the file to open any pages or folders in the site and write to them without any permission. I found it out accidentally when I downloaded the whole site for backup. An anti-virus tool detected a virus in a file. If QT can develop a tool to automatically scan the site for viruses, that'd be great.

  • Kevin Morley commented

    I agree with your sentiments here Rodney, it would be especially helpful to the likes of myself who can do some basic work while using prompts. As you say, it is like using Norton or McAfee, which find the fault and suggest a resolution. You got my vote!

  • Jon Wong commented

    If the X-Cart development team has done the security testing, why should we as users test the security? When a new version of X-Cart is published, it should be well tested.
