Awesome

Magento Security Resources

Comprehensive list of resources to help you prevent, mitigate & resolve Magento security incidents. All listed vendors have experience with Magecart-related attacks.

Are you a merchant dealing with an incident? If you have experienced staff, you can use the tools listed below to speed up the recovery process and prevent a repeat. If you don't have staff available or need an external report for compliancy, you can engage one of the consultancies below.

Official Adobe resources are marked as such.

Mitigation tools

Free

• MageReport - Remote vulnerability scanner
• Magento Malware Scanner - Server-side malware scanner
• Magento Security Scan - Remote vulnerablity scanner [Adobe]

Commercial

• eComscan - Advanced Magento malware detection

Magento consultancy services

Incident Response

• 3b Data Security - Digital forensics, incident response & data breach management services
• Foregenix - Cybersecurity, digital forensics, PCI compliance, PFI
• Sanguine Security - Empowers Magento merchants to fix and prevent breaches
• Sucuri - Complete website security, protection and monitoring

Security maintenance

• Mage One - Paid security support for Magento 1

Independent consultants

• Steve Perry - United Kingdom
• Talesh Seeparsan - Canada
• Willem de Groot - Netherlands

Magento security information

Reference

• Magento 2 Security Best Practices - [Adobe]
• Magento 2 Security Checklist - A Magento community sourced security pre-flight checklist
• Magento Incident Response Plan Template
• Magento Vulnerability Database - Central respository of vulnerabilities in 3rd party Magento components
• Magento 1/OpenMage - Security.txt generator Magento 1 Module which generates security.txt file, configurable in Magento Backend

Blogs / Research

• Magento Security Blog - [Adobe]
• Malwarebytes
• RiskIQ
• Sanguine Labs

Contribute?

Magento-specific contributions welcome!