Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/gwillem/magento-security-resources

Crowd-sourced resources to help merchants mitigate and prevent Magento security incidents

Last synced: about 2 months ago

README

# Magento Security Resources

Comprehensive list of resources to help you prevent, mitigate & resolve Magento security incidents. All listed vendors have experience with Magecart-related attacks.

> Are you a merchant dealing with an incident? If you have experienced staff, you can use the tools listed below to speed up the recovery process and prevent a repeat.
> If you don't have staff available or need an external report for compliance, you can engage one of the consultancies below.

Official Adobe resources are marked as such.

# Mitigation tools

## Free
- [MageReport](https://www.magereport.com) - Remote vulnerability scanner
- [Magento Malware Scanner](https://github.com/gwillem/magento-malware-scanner) - Server-side malware scanner
- [Magento Security Scan](https://account.magento.com/scanner/) - Remote vulnerability scanner [Adobe]

## Commercial
- [eComscan](https://sansec.io/ecomscan/) - Advanced Magento malware detection

# Magento consultancy services

## Incident Response
- [3b Data Security](https://3bdatasecurity.com/) - Digital forensics, incident response & data breach management services
- [Foregenix](https://www.foregenix.com/) - Cybersecurity, digital forensics, PCI compliance, PFI
- [Sanguine Security](https://sansec.io) - Empowers Magento merchants to fix and prevent breaches
- [Sucuri](https://sucuri.net/) - Complete website security, protection and monitoring

## Security maintenance
- [Mage One](https://www.mage-one.com) - Paid security support for Magento 1

## Independent consultants
- [Steve Perry](https://twitter.com/stevemarkperry) - United Kingdom
- [Talesh Seeparsan](https://twitter.com/_Talesh) - Canada
- [Willem de Groot](https://twitter.com/gwillem) - Netherlands

# Magento security information

## Reference
- [Magento 2 Security Best Practices](https://docs.magento.com/m2/ee/user_guide/magento/magento-security-best-practices.html) - [Adobe]
- [Magento 2 Security Checklist](https://github.com/talesh/magento-security-checklist) - A Magento community sourced security pre-flight checklist
- [Magento Incident Response Plan Template](https://github.com/talesh/response)
- [Magento Vulnerability Database](https://github.com/gwillem/magevulndb) - Central repository of vulnerabilities in third-party Magento components
- [Magento 1/OpenMage - Security.txt generator](https://github.com/kkrieger85/magento-module-security-txt) - Magento 1 module that generates a [security.txt](https://securitytxt.org/) file, configurable in the Magento backend

## Blogs / Research
- [Magento Security Blog](http://magento.com/security/) - [Adobe]
- [Malwarebytes](https://blog.malwarebytes.com)
- [RiskIQ](https://www.riskiq.com/blog/category/magecart/)
- [Sanguine Labs](https://sansec.io/labs)

# Contribute?

Magento-specific contributions welcome!