Magento friend or foe – Security by obscurity




Being the most popular eCommerce software in the world, Magento is an attractive target to hackers who would love to get inside your store.
A compromised website can have consequences for both merchant and customer, since a hacker might distribute your data or use it for their own interest.
Data security is critical since your website might be processing personal and in some cases even payment information.
Our goal is to take some of the most common security exploits and see how they can be used in the context of a Magento website.
✓ XSS – reflected / persistent
✓ Cross Site Request Forgery – injecting malicious code
✓ Simultaneous request in the context of order placement
✓ Real-life security exploit examples
Maximum number of attendees: 30 [having their laptops (ideally with MacOS) is mandatory for the hands-on portion of the workshop]