10-25-2020
10:32 PM
What are the best methods to check/test patches on site?
I have applied changes for the following patches
SUPEE-10975 SUPEE-11086 SUPEE-11155 SUPEE-11219 SUPEE-11295 SUPEE-11314
For Magento 1 website.
Please let me know what are the best methods to check/test patches on site. (Automatic & manual)
09-09-2022
11:24 PM
Re: What are the best methods to check/test patches on site?
@hamendrasub7ef wrote:
I have applied changes for the following patches
SUPEE-10975 SUPEE-11086 SUPEE-11155 SUPEE-11219 SUPEE-11295 SUPEE-11314
For Magento 1 website.
Please let me know what are the best methods to check/test patches on site. (Automatic & manual) myLoyola Portal
I appreciate the information and advice you have shared. I will try to figure it out for more.
10-06-2023
02:26 AM
Re: What are the best methods to check/test patches on site?
Here are some best practices to test and validate patches applied to a Magento 1 website:
Automatic Testing:
- Use a patch validation tool like the Magento Patch Detector to scan your codebase and identify any missing patches or inconsistencies.
- Run automated vulnerability scanners like Netsparker or Acunetix regularly to detect any exploitable issues or backdoors.
- Use a service like Patchman to automatically validate patches against your specific Magento version and configuration.
- Set up unit, integration, and end-to-end tests to check business-critical flows and prevent regression issues after patches.
Manual Testing:
- Perform comprehensive manual validation of all key site functionality: checkout, shipping, payments, admin, etc.
- Check forms and inputs for proper data sanitization and filtering, especially in areas like search, reviews, etc.
- Test authentication systems and pages for unauthorized access or privilege escalation risks. Validate site security mechanisms like CAPTCHAs, password rules, session management, etc.
- Check for proper validation and escaping of user-contributed content like product reviews. Review all custom theme, module and integration code for vulnerabilities or exposure of sensitive information.
- Perform penetration testing manually using tools like OWASP ZAP to uncover residual issues.
A combination of automated scans and comprehensive manual validation provides a rigorous approach to ensure applied patches effectively secure your Magento site as expected.
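One automatic check for the six patches named in the question, as an added example that is not part of any post in this thread: it reads the patch log and reports each patch as applied, reverted or missing. It assumes the patches were applied with Magento's official `.sh` patch files, which record each run in `app/etc/applied.patches.list` as pipe-separated lines with a trailing `REVERTED` field for reverts; the function names and the sample log are constructed for illustration.

```shell
# Audit a Magento 1 patch log for the SUPEE patches listed in the question.
# Usage: sh check_patches.sh [path/to/app/etc/applied.patches.list]
REQUIRED_PATCHES="SUPEE-10975 SUPEE-11086 SUPEE-11155 SUPEE-11219 SUPEE-11295 SUPEE-11314"

# patch_state LOGFILE PATCH_ID -> prints applied | reverted | missing.
# The last log entry for a patch wins, so apply -> revert -> re-apply is "applied".
patch_state() {
    awk -F'|' -v id="$2" '
        {
            name = $2
            gsub(/^[ \t]+|[ \t]+$/, "", name)      # trim the patch-id field
            if (name != id) next                   # exact match, not prefix
            state = ($0 ~ /\|[ \t]*REVERTED[ \t]*$/) ? "reverted" : "applied"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# audit_patches LOGFILE -> one "ID state" line per required patch;
# returns non-zero if any required patch is not in the applied state.
audit_patches() {
    rc=0
    for id in $REQUIRED_PATCHES; do
        state=$(patch_state "$1" "$id")
        printf '%s %s\n' "$id" "$state"
        [ "$state" = "applied" ] || rc=1
    done
    return "$rc"
}

# Constructed sample log; version, hash, date and range fields are placeholders.
write_sample_log() {
    cat > "$1" <<'EOF'
2020-10-20 08:00:01 UTC | SUPEE-10975 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE
2020-10-20 08:01:00 UTC | SUPEE-11086 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE
2020-10-20 08:05:00 UTC | SUPEE-11086 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE | REVERTED
2020-10-20 08:09:00 UTC | SUPEE-11086 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE
2020-10-20 08:10:00 UTC | SUPEE-11155 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE
2020-10-21 09:00:00 UTC | SUPEE-11155 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE | REVERTED
2020-10-21 09:05:00 UTC | SUPEE-11219 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE
2020-10-21 09:10:00 UTC | SUPEE-11314 | CE_1.x | v1 | HASH | COMMIT_DATE | RANGE
EOF
}

# With no argument, run against the constructed sample instead of a real log.
log="${1:-}"
if [ -z "$log" ]; then
    log=$(mktemp)
    write_sample_log "$log"
fi
audit_patches "$log" || echo "Not all required patches are recorded as applied in $log"
```

A patch applied by editing files by hand or by upgrading to a release that already contains it leaves no entry in this log, so `missing` means "not recorded" and the patched files still need to be compared against the patch contents.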