Magento is a widely used open source eCommerce software. A Magento store is also prone to be a target of malicious activities by malware and hackers. And when transacting online, using credit cards or other mode of payment, security is of utmost importance. Even though Magento gets patched for security reasons on a regular basis, below is the detailed list of best practices which can be applied on Magento to mitigate the vulnerabilities.
A new Magento vulnerability has been found in a Zend Framework 1 and 2 EMAIL COMPONENT. The component is used by all Magento 1 and Magento 2 software and other PHP solutions. This vulnerability is serious and can lead to a remote code execution attack if your server uses Sendmail as a mail transport agent.
Magento 2 is faster. M2 supports PHP 7, which frequently delivers a doubling in performance over previous PHP releases. The new default indexers in Magento 2 include all of the functionality as in the previous enterprise versions. The difference is that they come with more efficient updates and have been improved to speed up the query performance.
SUPEE-8788 is the latest security patch for Magento released on October 11, 2016 that provides protection against several types of security-related issues, including remote code execution, information leaks and cross-site scripting.
Magento Commerce has recently announced the launch of its next-generation commerce applications marketplace, Magento Marketplace. Magento merchants can extend the functionality of their Magento stores and deliver far-more-engaging experiences to their customers with a simplified user experience for easy discovery of curated, high-quality products and services. Further, the extension developers get access to a large and growing customer base. With the new Magento Marketplace they are bringing in a new vetting process that consist of a technical, marketing and business value review. This ensures that Magento merchants only buy high quality technologies from the most trusted developers in the Magento ecosystem.
