2011/09/23 - Using NOSEC JSky To Conduct Website Security Scan E-commerce store
Tags: vietnam software outsourcing, vietnam software development, global software outsourcing, software development center
Many e-commerce sites show excellent design, but their owners rarely recognise that security matters most. Website vulnerabilities can cost you your electronic goods and let attackers dump your customer information. NOSEC JSky helps you find such weaknesses and shows you how to fix them.
How do I check my e-commerce website for vulnerabilities?
Let's take a look at a popular e-commerce shopping cart package, Zen Cart. Zen Cart is widely used, but its vulnerabilities are not well known to most e-commerce shop owners. We will show what NOSEC JSky can find in 15 minutes on a Zen Cart shop.
1. First, look at the NOSEC JSky fast-scan result. It reports a vulnerability we call the "Zen Cart curl_test vulnerability".
2. What can this vulnerability lead to?
* Reading operating-system files such as /etc/passwd, which leaks the list of system accounts.
* Reading system configuration files.
* Reaching other servers behind the firewall by sending a request such as "http://www.yourwebsite.net/shop/extras/curltest.php?url=http://172.16.100.1". The script fetches whatever URL it is given, so your web server acts as a proxy into your internal network.
How do I fix it?
Remove extra folders from your server after install
In a standard Zen Cart install, there are a few additional folders that DO NOT need to be uploaded to your live webserver.
In fact, leaving the files in those folders on your server can pose security risks if they are not used as intended.
Most of the risks are minor: attempting to access some of those files, scripts or documentation could reveal information about your server that makes more sophisticated "probing" easier. Some risks are more significant, including unauthorized access to information on your server, or even an "accidental" wipe of your whole database if the zc_install folder is left online.
So, after you've installed your site and are satisfied that it's working properly, including actually doing live transactions to test ALL the payment and shipping modules you use, be sure to do some cleanup:
REMOVE THE FOLLOWING FOLDERS (and all the files inside them), TO MINIMIZE SECURITY RISKS:
- /docs
- /extras
- /zc_install
- /install.txt (this file can be removed, too)
It is safe to keep these files on your own computer, since they can be used as reference documentation, as diagnostic tools to aid troubleshooting, or for upgrading or reinstalling in the future. But those folders and files should *not* be on a live webserver.
Are you running an e-commerce shop? Request the NOSEC JSky trial edition and scan your website right now.
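As an added example (not code from this article, from NOSEC JSky or from Zen Cart), here is a small Python checker you can run after the cleanup to confirm the live server no longer serves any of the paths listed above. The path list, the probe naming, the verdict rules and the sample responses are assumptions made for this example; the /shop prefix comes from the article's example URL. It first requests a path that cannot exist, so that a host which answers 200 for everything (a catch-all page) does not produce false "exposed" results.

```python
"""Post-install check for leftover Zen Cart folders and scripts (added example)."""
import secrets
import sys
import urllib.error
import urllib.request

# Paths the Zen Cart cleanup notes say must not remain on a live webserver.
# The exact entries are an assumption for this example.
LEFTOVER_PATHS = ["/docs/", "/extras/", "/extras/curltest.php", "/zc_install/", "/install.txt"]


def http_status(url, timeout=10):
    """Fetch url and return the final HTTP status (redirects followed), or None if unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": "zc-leftover-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def soft_404(base, fetch):
    """True if the server returns 200 for a path that cannot exist (catch-all page).
    On such hosts a 200 for a leftover path proves nothing, so it is reported as inconclusive."""
    probe = base + "/zc-leftover-probe-" + secrets.token_hex(8)
    return fetch(probe) == 200


def verdict(status, catch_all):
    """Map an HTTP status to a cleanup verdict."""
    if status is None:
        return "unreachable"
    if status == 200:
        return "inconclusive" if catch_all else "exposed"
    if status in (401, 403):
        return "blocked"  # present but access-controlled: still delete it from the server
    if status in (404, 410):
        return "removed"
    return "other:%d" % status


def check_leftovers(base_url, fetch=http_status):
    """Probe every leftover path under base_url and return {path: verdict}."""
    base = base_url.rstrip("/")
    catch_all = soft_404(base, fetch)
    return {path: verdict(fetch(base + path), catch_all) for path in LEFTOVER_PATHS}


def needs_attention(results):
    """Paths that are not confirmed gone (exposed, blocked, inconclusive or unexpected status)."""
    return sorted(p for p, v in results.items() if v not in ("removed", "unreachable"))


# Constructed sample responses for an offline run: a store under https://shop.example/shop
# where /extras was left behind, /zc_install is blocked by a web-server rule and the
# remaining paths were deleted. Any other URL answers 404.
SAMPLE_RESPONSES = {
    "https://shop.example/shop/extras/": 200,
    "https://shop.example/shop/extras/curltest.php": 200,
    "https://shop.example/shop/zc_install/": 403,
}


def sample_fetch(url):
    """Offline stand-in for http_status using the constructed responses above."""
    return SAMPLE_RESPONSES.get(url, 404)


if __name__ == "__main__":
    # Usage: python zc_leftover_check.py https://www.yourwebsite.net/shop
    # Without an argument the constructed sample store is checked instead.
    if len(sys.argv) > 1:
        results = check_leftovers(sys.argv[1])
    else:
        results = check_leftovers("https://shop.example/shop", fetch=sample_fetch)
    for path, v in sorted(results.items()):
        print("%-24s %s" % (path, v))
    todo = needs_attention(results)
    if todo:
        print("remove from the live webserver:", ", ".join(todo))
```

A "blocked" result means a web-server rule is hiding the folder, which is better than nothing but not the fix the notes above call for: the files are still on the server and a misconfiguration or a different path (for example a case variant or a backup copy) can expose them again, so delete them.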