Magento Security Follow-Up
DefenseCode recently discovered and reported multiple stored cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities in Magento 1 and 2, which will be addressed in a future patch. In light of these findings, we published a follow-up that describes several real-world attacks that combine common vulnerabilities with faulty security mechanisms in Magento, leading to an unfavourable outcome.
DefenseCode agreed to coordinated disclosure on all currently reported vulnerabilities and there will be no details available publicly until the patches are released.
Follow-up paper can be downloaded here.