Given there’s a lot of talk about containerisation in the applications marketplace at the moment, this post is intended to provide a light introduction to the subject with a few pointers on security.

As a UK-based cybersecurity firm, our employees and clients touch every continent on the globe. Despite the company’s small size, with only 91 employees, Foregenix continues to push the envelope. In fact, at the beginning of 2017 Foregenix were named amongst the top fastest growing exporters in the UK by The Times. Since then, Foregenix has achieved an additional 11 award nominations.

The purpose of this post is to help clients better prepare, digest and act upon the results of a web application penetration test.

We’ll start at the beginning and ramp up really quickly. DevOps is a portmanteau of development and operations. We can consider it to mean automation of platform operations, or scripted operations. 

Wikipedia has the following definition:

"DevOps (a clipped compound of "development" and "operations") is a software delivery process that emphasizes communication and collaboration from concept to market, including product management, software development, and operations professionals. 

Magento is the most popular eCommerce web application in the world, with an estimated 236,000 live web sites using the Content Management System (CMS) technology[1]. Available in both paid-for “enterprise” versions and free “community” versions, it powers some of the world's most popular websites including Huawai[2], Land Rover[3] and Helly Hansen[4]. However, common eCommerce platforms make popular targets for hackers and thieves looking to steal payment card information. Like any web application, attackers will always look to exploit vulnerabilities in the underlying code before researchers can identify them and developers can fix them, but even an up-to-date and fully patched system can be left vulnerable if it is not configured properly or merchants do not follow information security best practice.