
What are the best methods to check/test patches on site?


I have applied changes for the following patches

SUPEE-10975
SUPEE-11086
SUPEE-11155
SUPEE-11219
SUPEE-11295
SUPEE-11314

for a Magento 1 website.

Please let me know what the best methods are to check/test patches on site (automatic and manual).

2 REPLIES

Re: What are the best methods to check/test patches on site?


@hamendrasub7ef wrote:

I have applied changes for the following patches

SUPEE-10975
SUPEE-11086
SUPEE-11155
SUPEE-11219
SUPEE-11295
SUPEE-11314

for a Magento 1 website.

Please let me know what the best methods are to check/test patches on site (automatic and manual).


I appreciate the information and advice you have shared. I will try to figure it out for more.

Re: What are the best methods to check/test patches on site?

Here are some best practices to test and validate patches applied to a Magento 1 website:

Automatic Testing:

  • Use a patch validation tool like the Magento Patch Detector to scan your codebase and identify any missing patches or inconsistencies.
  • Run automated vulnerability scanners like Netsparker or Acunetix regularly to detect any exploitable issues or backdoors.
  • Use a service like Patchman to automatically validate patches against your specific Magento version and configuration.
  • Set up unit, integration, and end-to-end tests to check business critical flows and prevent regression issues after patches.

Manual Testing:

  • Perform comprehensive manual validation of all key site functionality - checkout, shipping, payments, admin etc.
  • Check forms and inputs for proper data sanitization and filtering, especially in areas like search, reviews etc.
  • Test authentication systems and pages for unauthorized access or privilege escalation risks. Validate site security mechanisms like CAPTCHAs, password rules, session management etc.
  • Check for proper validation and escaping of user-contributed content like product reviews. Review all custom theme, module and integration code for vulnerabilities or exposure of sensitive information.
  • Perform penetration testing manually using tools like OWASP ZAP to uncover residual issues.

A combination of automated scans and comprehensive manual validation provides a rigorous approach to ensure applied patches effectively secure your Magento site as expected.
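
Added example, not part of the replies above and not Magento's own code: a first automatic check is to read the patch log and confirm that each of the six SUPEE IDs from the question has a current record. It assumes the log is `app/etc/applied.patches.list`, that each run of a patch script writes one pipe-separated record there, and that a reverted patch gets a trailing `REVERTED` field; the sample log is constructed.

```python
import re
import sys

# Patch IDs listed in the question above.
EXPECTED = ["SUPEE-10975", "SUPEE-11086", "SUPEE-11155",
            "SUPEE-11219", "SUPEE-11295", "SUPEE-11314"]

# Constructed sample in the layout assumed for app/etc/applied.patches.list:
# a pipe-separated record per run, then the patch tool's output lines.
# Version, hash, date and range fields are placeholders, not real values.
SAMPLE_LOG = """\
2019-11-01 10:00:00 UTC | SUPEE-10975 | CE_1.9.3.10 | v1 | <hash> | <date> | <range>
patching file app/code/core/Mage/Example/Constructed.php

2019-11-01 10:01:00 UTC | SUPEE-11086 | CE_1.9.3.10 | v1 | <hash> | <date> | <range>
2019-11-01 10:02:00 UTC | SUPEE-11155 | CE_1.9.3.10 | v1 | <hash> | <date> | <range>
2019-11-01 10:03:00 UTC | SUPEE-11155 | CE_1.9.3.10 | v1 | <hash> | <date> | <range> | REVERTED
2019-11-01 10:04:00 UTC | SUPEE-11219 | CE_1.9.3.10 | v1 | <hash> | <date> | <range>
2019-11-01 10:05:00 UTC | SUPEE-11314 | CE_1.9.3.10 | v1 | <hash> | <date> | <range>
"""

RECORD = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC \| (SUPEE-\d+)\s*\|(.*)$")


def patch_status(log_text):
    """Map each recorded patch ID to 'applied' or 'reverted' (last record wins)."""
    status = {}
    for line in log_text.splitlines():
        match = RECORD.match(line.strip())
        if not match:
            continue  # tool output ("patching file ...") or a blank line
        fields = [f.strip() for f in match.group(2).split("|")]
        status[match.group(1)] = "reverted" if fields[-1] == "REVERTED" else "applied"
    return status


def audit(log_text, expected=EXPECTED):
    """Return {patch_id: 'applied' | 'reverted' | 'missing'} for the expected IDs."""
    status = patch_status(log_text)
    return {pid: status.get(pid, "missing") for pid in expected}


if __name__ == "__main__":
    # Pass the path to applied.patches.list, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for pid, state in audit(text).items():
        print(f"{pid}: {state}")
```

The log only records runs of the patch scripts: changes merged by hand leave no entry, so "missing" means unrecorded rather than unpatched, and the functional and security tests listed above are still needed either way.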