Security and your commerce implementation
- Posted on August 21, 2019
Today many people are still concerned about the security of their information online, especially their financial data when they participate in shopping and financial experiences. There is still some hesitation to use credit cards to shop online, or provide information in order to bank online, etc. A fundamental aspect of the commerce experience is confidence that transactions will occur securely and customer data is protected.
Commerce Platforms and Security
A decade ago, (e-)commerce solutions for large brands were generally implemented on a limited selection of large and potentially expensive all-in-one enterprise commerce platforms. These platforms were packaged for on-premises deployment, providing maximum control over the implementation but at a high cost in pricing, IT intervention and maintenance. They could be secured within the implementation of the platform as well as by establishing governance.
Today there are many more commerce platforms and many of them are service-based. There are also experience-based platforms like Sitecore Experience Commerce and Adobe Magento. These encapsulate modern services rather than just one platform. There could be a service managing the shopping cart, one managing your entire checkout flow, one managing your catalog and assets, one managing your user-generated content, etc. Securing these is more complex, as there may be many endpoints and potential vulnerabilities, not all controlled by your organization.
Commerce implementations face a variety of security concerns today. The STRIDE analysis below attempts to model these threats.
STRIDE = Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege. Each of these threats violates a security property: the primary properties Confidentiality, Integrity and Availability, or the secondary properties Authenticity, Non-repudiation and Authorization.
Threat | Security property violated |
---|---|
Spoofing | Authenticity |
Tampering | Integrity |
Repudiation | Non-repudiation |
Information Disclosure | Confidentiality |
Denial of Service | Availability |
Elevation of Privilege | Authorization |
There are areas and use cases in the Commerce experience that would be vulnerable to each of these threats.
Spoofing
Threat | Vulnerability | Risk |
---|---|---|
Phishing | | |
Third party Spam | | |
Session Hijacking | | |
Credential stealing | | |
Tampering
Threat | Vulnerability | Risk |
---|---|---|
Faked product data | | |
Price Manipulation | | |
SQL Injection | | |
Repudiation
Threat | Vulnerability | Risk |
---|---|---|
Log Manipulation | | |
Information Disclosure
Threat | Vulnerability | Risk |
---|---|---|
Unauthorized admin access | | |
Brute Force URL injection | | |
XSS and CSRF injection | | |
Directory Traversal Attack | | |
Non Secure sessions | | |
Error Disclosure | | |
Denial of Service
Threat | Vulnerability | Risk |
---|---|---|
Insecure third party advertisements | | |
Out of memory | | |
Request flooding and resources exhaustion | | |
System crash | | |
Elevation of Privilege
Threat | Vulnerability | Risk |
---|---|---|
Unauthorized access to admin console | | |
Take countermeasures to mitigate security risks
Some of the countermeasures to mitigate the risks identified above can include the following:
- Change well-known default credentials on the platform (e.g. Sitecore admin/b).
- Obfuscate or change folder and node names from default (e.g. Sitecore item names).
- Identify all APIs and services (REST included, if any) and make inaccessible the ones that don’t need to be publicly exposed.
- Do not allow outside access to public endpoints (URL, form, etc.) without tokenization or some other form of authentication.
- Implement and review PCI-DSS and compliance for your site (currently V3.2.1).
- Establish governance on code reviews and ensure all code follows OWASP guidelines.
- Ensure the platform is always up to date, as updates often patch security vulnerabilities.
- Consider enhanced authentication beyond simple login id/password credentials (like two-factor authentication or a one-time password) for your site.
- Establish proper governance on backups, incident response, business processes and content processes.
- Establish clear communication paths from your brand to your customers.
Additional details on Sitecore security are located here, and additional tips on securing the Sitecore Experience Platform are here.
Many of the above countermeasures will apply to Sitecore Experience Commerce, along with the following:
- Establish least-privilege on all roles. Basic authors should have Experience Editor access only, etc.
- Clearly define roles and item-level access.
- Customize roles rather than using the defaults.
- Use Active Directory or central IAM for authentication, rather than Sitecore.
- Keep the Sitecore Experience Platform and Sitecore Experience Commerce versions up to date.
- Minimize roles with admin access.
- Disable public access to /sitecore URL.
- Limit or disable access to Sitecore Desktop.
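One way to verify the "Disable public access to /sitecore URL" item on an IIS-hosted site, shown as an added example (not Avanade's or Sitecore's code): it audits a `web.config` for an IIS IP restriction on that path. It assumes the IIS "IP and Domain Restrictions" feature is in use; the sample configs are constructed, `10.0.0.0/8` is a placeholder for your admin network, and `audit_sitecore_path` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: no restriction on the /sitecore path (IIS default applies).
WEAK_CONFIG = """<configuration>
  <system.webServer />
</configuration>"""

# Constructed sample: /sitecore reachable only from an internal range
# (10.0.0.0/8 is a placeholder for your own admin network).
HARDENED_CONFIG = """<configuration>
  <location path="sitecore">
    <system.webServer>
      <security>
        <ipSecurity allowUnlisted="false">
          <add ipAddress="10.0.0.0" subnetMask="255.0.0.0" allowed="true" />
        </ipSecurity>
      </security>
    </system.webServer>
  </location>
</configuration>"""


def audit_sitecore_path(config_xml, path="sitecore"):
    """Return a list of findings; an empty list means the path is restricted."""
    root = ET.fromstring(config_xml)
    location = next((loc for loc in root.findall("location")
                     if loc.get("path", "").strip("/").lower() == path.lower()), None)
    if location is None:
        return [f"no <location path='{path}'> block: path inherits site-wide access"]
    ip_sec = location.find("system.webServer/security/ipSecurity")
    if ip_sec is None:
        return [f"<location path='{path}'> has no <ipSecurity> rules"]
    findings = []
    # IIS defaults allowUnlisted to true, so a missing attribute means open access.
    if ip_sec.get("allowUnlisted", "true").lower() != "false":
        findings.append("allowUnlisted is not 'false': unlisted clients are admitted")
    allows = [a for a in ip_sec.findall("add")
              if a.get("allowed", "false").lower() == "true"]
    if not allows:
        findings.append("no allow entries: nobody, including editors, can reach the path")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_sitecore_path(cfg) or "restricted")
```

Running the same audit in a deployment pipeline catches a release that silently drops the restriction.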
Want to find out how you can secure your Sitecore Experience Commerce or eCommerce implementation? Connect with Avanade to get started.