Magento security scan tests that are very important for your webstore’s security:
» Default admin login page URL exposure test – Checks whether your website uses the default admin panel location, which is not recommended and makes an attacker’s task easier.
» Magento Downloader login screen exposure test – Magento Downloader is used to upload Magento extensions to your website, and it is not recommended in production.
» Directory listing test – Checks whether you are listing all your directories and files to the world. This is a common and dangerous thing.
» File permissions test – Checks whether you are allowing your sensitive files to be displayed to the world. Again, it is a common mistake that even big websites make.
» File content exposure test – Are you showing your database and website username/password configuration settings to the world?
» Magento latest version test – Checks whether you are using an old or outdated version of Magento, which is not recommended.
» Admin panel security test – Checks how secure your admin panel is.
» Default “admin” user account test – You should really get rid of the “admin” username, as it is a very common administrator username to have.
» Lifetime coupons test – Do you want to give your products at a discounted price even when there’s no discount on them?
» HTTPS test on checkout and customer page – Customer and checkout pages contain very sensitive customer information, so they should be very secure.
» Repository code exposure test – Are you showing your code to the world?
… and we are adding more!!