Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

OpenCart: (Why) The Open Source Project Uses Invicti Enterprise

We are now more confident in our code thanks to scanning it with Invicti Enterprise. Knowing that we can deploy a test site and have it scanned for the latest security threats in just minutes does help ensure that we keep the most recent releases as secure as possible.

– James Allsup, OpenCart project Technical Consultant

OpenCart is an open source shopping cart web application. It is installed on more than 300,000 business and e-commerce websites which vary from one-person start-up company to large organizations and charities. Such popularity also brings along a lot of attention, sometimes the wrong type of attention. Therefore the OpenCart developers team try their best to deliver the most possible secure software.

What Does It Take to Develop a Secure Open Source Web Application?

The Good: Depending on the Community

Many open source projects have loyal followers which sometimes go the extra mile for the better of the project. Being the good product it is, OpenCart enjoys such benefit; community users share the results of independent security audits and are cooperative when reporting on issues, thus allowing the developers to fix any possible security flaws and release updates before they are made public.

The Bad: Lack of (available) Resources and Automated Tools

In today’s fast paced world, a responsive community is just not enough. Imagine what could happen if a malicious attacker finds a zero-day vulnerability and instead of reporting it to the OpenCart developers he starts exploiting it in the wild.

The OpenCart developers are well aware of such risk and had previously tried to use several automated tools to identify any possible security flaws in their project’s code. But like almost any other open source project, resources are limited and as James Allsup, the projects Technical Consultant explained “most of the other tools and suites that we tried were always either over complex or under developed, and are usually ridiculously overpriced!”

Using Invicti Enterprise for a More Secure OpenCart Project

“Since we started using it, our experience has been perfect. From an excellent easy to use interface and a neat API solution, down to the minor details like support for two-factor authentication and security audit logs. It’s an amazing tool that ticks all the boxes”.

Integrating Automated Web Application Security Scans via the API

We’ve always taken great pride of our fully fledged API, and brag about it quite a lot (rightly so). But today we are leaving it up to someone who is using it to tell you on how good it is;

“We use Jenkins to automate a lot of our tests such as code scanning for errors, standards, repetition etc. We also create a full installation of each build to save time when wanting to test improvements on a fresh, live install. At the end of our build stage we now hook into the Invicti Enterprise API to trigger an automated web vulnerability scan on the new installation.

The fact that we can hook into our existing infrastructure was a huge bonus and saves us the time on manually starting scans for a new install.”

Developers have More Confidence in their Code with Invicti Enterprise

Since its inception, the Invicti web vulnerability scanner found hundreds of zero-day vulnerabilities in open source projects (and counting), though it did not find anything critical yet in the OpenCart project, and the developers hope it remains so. Still, by integrating automated web application security scans in their development process, the OpenCart developers are “more confident in our code thanks to scanning it with Invicti Enterprise. Knowing that we can deploy a test site and have it scanned for the latest security threats in just minutes does help ensure that we keep the most recent releases as secure as possible.”

Sumeru Solutions
“We like Invicti not only because it is able to be configured quickly, but also the scans themselves are completed quickly, reliably and without false positives (a large timesaver in and of itself).”
Read the Sumeru Solutions Case Study
ING Bank
"As opposed to other web application scanners we used, Invicti is very easy to use and does not require a lot of configuring. An out of the box installation of Invicti Web Application Security Scanner can detect more vulnerabilities than any other web application..."
Read the ING Bank Case Study
RPM Software
“Invicti are not just another vendor from where we purchase any other software, they are like business partners. We have to trust their products do a good job to ensure the security of our cloud-based platforms, else our business’ reputation could on the line. And Invicti have earned such trust.”
Read the RPM Software Case Study

Turn your security process into a success story