Re: What are the best method's to check/test patches on site?
Here are some best practices to test and validate patches applied to a Magento 1 website: Automatic Testing:
Use a patch validation tool like the Magento Patch Detector to scan your codebase and identify any missing patches or inconsistencies.
Run automated vulnerability scanners like Netsparker or Acunetix regularly to detect any exploitable issues or backdoors.
Use a service like Patchman to automatically validate patches against your specific Magento version and configuration.
Set up unit, integration, and end-to-end tests to check business critical flows and prevent regression issues after patches.
Manual Testing:
Perform comprehensive manual validation of all key site functionality - checkout, shipping, payments, admin etc.
Check forms and inputs for proper data sanitization and filtering, especially in areas like search, reviews etc.
Test authentication systems and pages for unauthorized access or privilege escalation risks. Validate site security mechanisms like CAPTCHAs, password rules, session management etc.
Check for proper validation and escaping of user-contributed content like product reviews. Review all custom theme, module and integration code for vulnerabilities or exposure of sensitive information.
Perform penetration testing manually using tools like OWASP ZAP to uncover residual issues.
A combination of automated scans and comprehensive manual validation provides a rigorous approach to ensure applied patches effectively secure your Magento site as expected.
