What security concerns do you associate with ecommerce and how would you test them?
Well, this is really similar to day 22.
So I might use it as an opportunity to think about OWASP.
What would I test on the top ten?
At a first glance, I would look at
Are the fields I’m entering data into safe from injection?
I’d test out any fields I can enter data into for special characters - a <script> tag is a nice easy one.
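A small way to see what that probe is checking for, as an added example that is not part of the original post: a constructed stand-in for a product-review field, rendered once without output encoding and once with it, plus the tester's check that decides whether the field echoed the probe back as live markup. The field, page markup and `ZZ` marker are assumptions for the example.

```python
import html

# Constructed probe: the "nice easy" <script> tag from the post.
PAYLOAD = "<script>alert(1)</script>"
# The special characters that matter when input lands inside HTML.
SPECIAL_CHARS = ["<", ">", "&", '"', "'"]


def render_review_unsafe(review_text: str) -> str:
    """Vulnerable rendering: customer input is concatenated straight into the page."""
    return f"<div class='review'>{review_text}</div>"


def render_review_safe(review_text: str) -> str:
    """Hardened rendering: HTML-escape on output so any tags become inert text."""
    return f"<div class='review'>{html.escape(review_text, quote=True)}</div>"


def field_reflects_raw_markup(render, probe: str = PAYLOAD) -> bool:
    """Tester's check: does the rendered page contain our probe verbatim?"""
    return probe in render(probe)


def unescaped_special_chars(render) -> list:
    """Return each special character the field echoes back unencoded.
    The ZZ marker isolates the probe from the page's own wrapper markup."""
    leaked = []
    for ch in SPECIAL_CHARS:
        probe = f"ZZ{ch}ZZ"
        if probe in render(probe):
            leaked.append(ch)
    return leaked


def run_injection_checks() -> dict:
    """Summarise the checks per rendering path (True means vulnerable)."""
    return {
        "unsafe_field_vulnerable": field_reflects_raw_markup(render_review_unsafe),
        "safe_field_vulnerable": field_reflects_raw_markup(render_review_safe),
    }


if __name__ == "__main__":
    for name, vulnerable in run_injection_checks().items():
        print(f"{name}: {'FAIL' if vulnerable else 'PASS'}")
    print("unsafe path leaks:", unescaped_special_chars(render_review_unsafe))
    print("safe path leaks:", unescaped_special_chars(render_review_safe))
```

The point of the second check is that a field can look fine for the `<script>` probe yet still leak a quote or ampersand, which is why the post talks about special characters generally rather than one payload.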
What are our password requirements?
Are they sensible - are there any silly requirements (e.g. a maximum password length)?
What is our password recovery process like - do we rely on any easily accessible knowledge (mother's maiden name)?
Encryption of sensitive data
What data are we storing that could be sensitive - passwords and payment details spring to mind.
Is it all encrypted appropriately?
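Two of the questions above (sensible password requirements, and storing passwords appropriately) can be shown together in code. The following is an added example, not code from the original post: a policy checker that sets a generous length cap rather than a silly short one and skips composition rules, and password storage as a salted scrypt hash, since a stored password should be hashed rather than reversibly encrypted (payment details are a different case and need real encryption with key management, which this example does not cover). The breach list and the length limits are constructed assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample of already-breached passwords; a real check would consult
# a full breach corpus rather than this four-entry stand-in.
KNOWN_BREACHED = {"password", "123456", "qwerty123", "letmein"}

MIN_LENGTH = 12
MAX_LENGTH = 128  # generous cap so passphrases work; it only bounds input size

SALT_LEN = 16
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)  # assumed tuning for the example


def check_password_policy(password: str) -> list:
    """Return the reasons a candidate is rejected (an empty list means accepted).
    No digit/symbol quotas on purpose: length plus a breach check does more
    than 'must contain a special character' and is easier on users."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if password.lower() in KNOWN_BREACHED:
        problems.append("appears in breach list")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Store a salted scrypt hash (salt || digest), never the password itself."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple", "a" * 200]:
        print(repr(pw[:20]), "->", check_password_policy(pw) or "accepted")
    record = hash_password("correct horse battery staple")
    print("verify correct:", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("wrong guess", record))
```

Two things a tester can take from this: the same password hashed twice gives different records (the salt does its job), and the only length limit worth rejecting on is one that stops someone using a long passphrase.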
Can I directly access pages that belong to another user? Like their profile or shopping cart?
What about different user permissions - can I access a page I shouldn’t? Like a buyer accessing something only accessible to sellers?
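The two access-control questions above, the cross-user one (another user's cart or profile) and the cross-role one (a buyer reaching a seller-only page), map onto a small test matrix. This is an added example, not code from the original post; the users, cart ids, page paths and the buyer/seller roles are constructed assumptions. Each check must refuse the cross-user and cross-role attempts and allow the legitimate ones, and unknown objects or paths are refused by default.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: int
    role: str  # "buyer" or "seller" in this example


# Constructed in-memory store: which user owns which cart, and which roles may
# open which page. Anything not listed is denied.
CART_OWNER = {"cart-1001": 1, "cart-1002": 2}
ROLE_PAGES = {
    "/account": {"buyer", "seller"},
    "/seller/dashboard": {"seller"},
    "/seller/payouts": {"seller"},
}


def can_view_cart(requester: User, cart_id: str) -> bool:
    """Object-level check: a cart is visible only to the user who owns it.
    Looking the id up in the URL is not enough; ownership must be verified."""
    owner = CART_OWNER.get(cart_id)
    return owner is not None and owner == requester.user_id


def can_open_page(requester: User, path: str) -> bool:
    """Role-level check: the page must be listed and the role must be allowed."""
    allowed_roles = ROLE_PAGES.get(path)
    return allowed_roles is not None and requester.role in allowed_roles


def run_access_checks() -> list:
    """Tester's matrix as (scenario, passed) pairs; every entry should be True."""
    alice = User(1, "buyer")
    bob = User(2, "buyer")
    sam = User(3, "seller")
    return [
        ("alice views her own cart", can_view_cart(alice, "cart-1001")),
        ("bob cannot view alice's cart", not can_view_cart(bob, "cart-1001")),
        ("unknown cart id is refused", not can_view_cart(alice, "cart-9999")),
        ("buyer opens shared account page", can_open_page(alice, "/account")),
        ("seller opens seller dashboard", can_open_page(sam, "/seller/dashboard")),
        ("buyer cannot open seller dashboard", not can_open_page(alice, "/seller/dashboard")),
        ("unlisted path is refused by default", not can_open_page(sam, "/seller/unlisted")),
    ]


if __name__ == "__main__":
    for scenario, passed in run_access_checks():
        print(f"{'PASS' if passed else 'FAIL'}: {scenario}")
```

When testing a real shop, the equivalent is logging in as two separate customers (and as a seller) and swapping ids and paths between sessions; the matrix above is what the expected results look like.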
There’s probably more in the top ten to dig into, but this is where I would start!