
The security audit is done


Guest


Hey guys, I'm happy to report we've had our security audit done, and, aside from a few minor issues (that have already been fixed in version control), it's all good!

Here are a few extracts from the Intrinium report:

Identify SQL injection weaknesses present in the application.

CubeCart’s error handling mechanism is to either halt execution of the code and display a generic error page or to redirect to a known good page.

Further, code review noted that all variables passed to the database are first scrubbed for possible malicious SQL strings.

Due to these factors, Intrinium did not identify any SQL injection weaknesses present in the CubeCart application.

Identify weaknesses in encryption mechanisms used.

Intrinium consultants tested various methods of "breaking out" of SSL encryption both when SSL is required for specific pages, and when it is required for the entire CubeCart store.

No attempts were successful.

Identify weaknesses in access control lists.

Intrinium did not identify any weaknesses in access control lists within the application.

This is primarily due to the simplicity and elegance of the design of the application.

Identify weaknesses with security related to the application’s use of cookies.

Cookie poisoning did not reveal any useful information or yield any significant results.

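The report extract above says variables passed to the database are "scrubbed for possible malicious SQL strings" and that database errors halt execution. A practitioner reading that will want to see the difference between a scrubbing filter and a bound parameter, because the two are not equivalent: a scrubber removes tokens it knows about, while a parameterized query never parses the value as SQL at all. The following is an added example and is not CubeCart's or Intrinium's code; it uses Python and an in-memory SQLite database rather than CubeCart's PHP/MySQL, and the `BLACKLIST` pattern, the `products`/`admin_users` schema and the three inputs in `INPUTS` are constructed for illustration and say nothing about CubeCart's actual filter or schema. It runs each input through a string-built query guarded only by the hypothetical scrubber (with errors mapped to `None`, standing in for the generic error page the report describes) and through the same query with a bound parameter.

```python
"""Added example: blacklist scrubbing vs. a bound parameter for the same lookup.
Not CubeCart's code; schema, scrubber pattern and inputs are constructed here."""
import re
import sqlite3

# Constructed sample schema and rows (assumption, not CubeCart's schema).
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL, price REAL);
INSERT INTO products VALUES (1, 'Widget', 9.99), (2, 'Gadget', 19.99);
CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO admin_users VALUES (1, 'admin', 'hash-of-admin-password');
"""


def open_db() -> sqlite3.Connection:
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# Hypothetical blacklist scrubber (assumption for illustration, NOT CubeCart's
# filter): strips a handful of well-known SQL tokens from the value.
BLACKLIST = re.compile(r"--|;|/\*|\*/|\bunion\b|\bselect\b|\bdrop\b", re.IGNORECASE)


def scrub_sql(value: str) -> str:
    """Remove every blacklisted token; anything not on the list passes through."""
    return BLACKLIST.sub("", value)


def lookup_scrubbed(conn: sqlite3.Connection, name: str):
    """Query built by string formatting and defended only by the scrubber.
    A database error halts the request (here: returns None, standing in for
    the generic error page the report describes)."""
    sql = "SELECT id, name FROM products WHERE name = '%s'" % scrub_sql(name)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        return None


def lookup_parameterized(conn: sqlite3.Connection, name: str):
    """Same lookup with a bound parameter: the driver sends the value as data,
    so it is never parsed as SQL and no scrubbing is needed."""
    return conn.execute(
        "SELECT id, name FROM products WHERE name = ?", (name,)
    ).fetchall()


# Constructed inputs: one honest value and two classic injection payloads.
INPUTS = {
    "honest": "Widget",
    # No blacklisted token here, so the scrubber passes it through unchanged.
    "tautology": "' OR '1'='1",
    # UNION/SELECT/-- are stripped, leaving a syntactically broken query.
    "union": "' UNION SELECT username, password_hash FROM admin_users --",
}


def compare(conn: sqlite3.Connection = None) -> dict:
    """Run every input through both lookups.
    Returns {label: (scrubbed_result, parameterized_result)}."""
    if conn is None:
        conn = open_db()
    return {
        label: (lookup_scrubbed(conn, value), lookup_parameterized(conn, value))
        for label, value in INPUTS.items()
    }


if __name__ == "__main__":
    for label, (scrubbed, bound) in compare().items():
        print(f"{label:10} scrubbed={scrubbed!r}  parameterized={bound!r}")
```

Running it shows the three outcomes side by side: the honest value matches one row either way; the tautology slips past the scrubber (it contains none of the blacklisted tokens) and the string-built query returns every product, while the bound parameter returns nothing because no product is literally named `' OR '1'='1`; the UNION payload is mangled by the scrubber into a syntax error and takes the halt path. The point is that the "halt on error" plus "scrub" design only covers the payloads the scrubber anticipates, whereas the parameterized form does not depend on anticipating any.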

Guest Brivtech

Wey Hey, and congratulations.

Looking like September launch will indeed be a reality. Well done guys, you've both been working very hard at this, and I'm sure I can speak for everyone when I say your efforts are greatly appreciated.

Soon, there'll be a load of orders, and Al can retire to somewhere exotic, while he leaves Martin to run the company. :P


Soon, there'll be a load of orders, and Al can retire to somewhere exotic, while he leaves Martin to run the company. :P

I'll be outsourcing to India, and joining Al on the golf course :(


I read the entire report and must say it's VERY nice. I guess that's the reason that the auditing company makes so much money for doing the tests. They really hammer the heck out of CubeCart trying to break it. In nearly every instance, they failed to do so. The only potential areas they found were quickly and easily patched by Al and Martin.

Congrats on a great job guys!

;)


Guest Charles2005

Nice. Can't wait for CC4.

I just hope that all my mods (15-20 of them, yes I have that many) will either work in CC4 (getting updated to work) or are already built right into CC4.


I hate admin... just yesterday I spent about an hour battling with the bank as to why we have five new random direct debits on the business account for insurance companies.

We don't even have insurance!! LOL (Just joking - but not from those random companies).

Ooooh it can all be so much fun.


RC1 isn't ready yet until I have gone over the PayPal certification (in progress) and the bugs in Mantis have been completed. He will be working on the bugs today / tomorrow before he goes away for another week next week, and I will have completed the PayPal US & UK certification by Friday. I'm 1/3 of the way through the UK one and it is already a mere 64 pages long. :)

Currently he is stuck in the garage with a broken down car and will be in later.

Don't panic we are still on target. I will be working late tonight and tomorrow to push hard for RC1 on Monday.


Currently he is stuck in the garage with a broken down car and will be in later.

For those of you that wanna know, apparently my HT leads are fried, and as a result, so are my sparks, so £140 in parts and labour for VW. Bastards.

If I had the time, I'd do it myself for about a fifth of the cost.

Having to spend £70 on a hire car doesn't help things either, and neither does the £30 diagnostic test it took to work out what was wrong :'(


Guest Brivtech

If only everything in life was a reliable as a...

oops, better not go there! :P

I have the weekend set aside for work on my GMC - Front disc brakes, pads, steering column, and after that, I need to check the Rover over, I think the clutch may need an adjustment, or replacement.

Cars, what are they like. :)

