Security
-
https://sansec.io/guides/sansec-shield
Sansec Shield is a smart Web Application Firewall (WAF) that provides real-time protection for Magento and Adobe Commerce stores. Unlike traditional WAFs that rely on generic rules, Sansec Shield is integrated with the Magento core architecture and benefits from Sansec's famous expertise in Magento security. This makes our WAF the most effective solution to defend your Magento store.
-
https://github.com/Hawksama/module-oauth-security-plus
A powerful module that whitelists IP addresses for Magento 2 REST and SOAP Admin API token generation. Helps prevent unauthorized API access by ensuring only requests from trusted IPs can create admin tokens.
01 Feb 2025
-
https://github.com/aligent/magento2-pci-4-compatibility
A Magento 2 module to bring Magento in-line with the PCI DSS 4.0 requirements
06 Jan 2025
-
https://github.com/wubinworks/magento2-jwt-auth-patch
Deny tokens issued by old encryption key. If you cannot upgrade Magento or cannot apply the official patch, try this one.
15 Dec 2024
-
https://helpx.adobe.com/security/products/magento/apsb24-73.html
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system read, security feature bypass and privilege escalation.
-
https://github.com/opengento/magento2-hoodoor
This module provides a top-notch security for your customers' accounts by adopting a passwordless approach, effectively removing the vulnerability of weak passwords from your database. This instills a sense of confidence and reliability in your platform among your customers.
-
https://magentians.wordpress.com/2024/08/26/how-to-csp-inline-script-for-checkout-required-since-june-2024/
Adobe released a security patch in June 2024 which introduced some major changes to how Magento handles Content Security Policy (CSP), and these changes directly impact functionality around the checkout.
Many developers were caught unprepared because Adobe didn’t announce this big change in the release notes.
-
https://github.com/DeployEcommerce/module-trojan-order-prevent
This is a Magento 2 extension that prevents billing/shipping addresses being saved via the API with known trojan order strings. This is not a fix for CVE-2022-24086 but an additional layer of protection for merchants.
20 Aug 2024
-
https://www.yireo.com/blog/2024-08-02-magento-and-hyva-checkout-and-csp
For some time now, Magento has been shipping with a CSP module, in general for security reasons but more specifically for PCI compliance. Magento 2.4.7-p1 changed the game and Hyvä is as-of-yet not compatible with these new changes. But there are solutions.
02 Aug 2024
