
Impact of Vulnerable Themes & Modules On PrestaShop

Data Security Standards & Best Practices for Application Development

I recently had the opportunity to discuss this topic with Lesley Paone and Michael Dekker, both experts in developing PrestaShop modules and themes. There has been a spate of vulnerable modules and themes circulating in the PrestaShop community, mainly in the forum's free module section. These experts will advise you on what to look for when deciding on a theme or module purchase for your live store.

PrestaShop Expert Developers

Connect with Lesley Paone

I am an e-commerce developer and I specialize in SEO for ecommerce. I do pretty cool things, you should follow me or keep in touch with me.

My Website: dh42.com

Connect With Michael Dekker

Michael Dekker is an expert in PHP development with over 5 years experience. He has written over 200 free and paid modules and contributes to the shopping cart software.

Website: My Blog

Threat Assessments


Michael Dekker’s Recommendations

Every store owner should ask the prospective software author these things:

  1. Have you run your web application through a vulnerability scanner?
  2. Are you listed on PrestaShop’s addon store?
  3. You should check theme/module reviews.

Lesley Paone’s Recommendations

You should definitely have nightly backups and retain them on your own hard drive for at least 30 days. Also, make sure you get the best cheap WordPress hosting and that it has antivirus software installed on the server. PCI DSS Requirement 5.1.1 states that you should have antivirus software installed on your home office PC/Mac and on the server. You should also hire a professional to remove malware injected into your code and/or database. If you think you need software to help you manage and secure your data, then consider Couchbase.

On July 6th, 2016, Mr. Paone announced a vulnerable warehouse theme for PrestaShop on his blog.


How StrikeHawk Protects Your Theme / Modules


PCI DSS V3 Requirement 6.10 requires any hosting provider and end-user to regularly check logs for malicious activity. An intrusion detection system such as CXS from Configserver.net helps us ensure we can flag and react to that kind of activity. In most instances, malware uploaded or injected through vulnerable themes or modules is rejected.

We tested the warehouse theme reported by Mr. Paone against all of the known vulnerabilities reported. No such penetration ever made it past our security systems. It’s the only line of defense you have in your arsenal. We protect you from malicious attacks against all the web applications you install in our hosting environment.
