Comprehensive list of resources to help you prevent, mitigate & resolve Magento security incidents. All listed vendors have experience with Magecart-related attacks.
Are you a merchant dealing with an incident? If you have experienced staff, you can use the tools listed below to speed up the recovery process and prevent a repeat. If you don't have staff available or need an external report for compliancy, you can engage one of the consultancies below.
Official Adobe resources are marked as such.
- MageReport - Remote vulnerability scanner
- Magento Malware Scanner - Server-side malware scanner
- Magento Security Scan - Remote vulnerablity scanner [Adobe]
- eComscan - Advanced Magento malware detection
- 3b Data Security - Digital forensics, incident response & data breach management services
- Foregenix - Cybersecurity, digital forensics, PCI compliance, PFI
- Sanguine Security - Empowers Magento merchants to fix and prevent breaches
- Sucuri - Complete website security, protection and monitoring
- Mage One - Paid security support for Magento 1
- Steve Perry - United Kingdom
- Talesh Seeparsan - Canada
- Willem de Groot - Netherlands
- Magento 2 Security Best Practices - [Adobe]
- Magento 2 Security Checklist - A Magento community sourced security pre-flight checklist
- Magento Incident Response Plan Template
- Magento Vulnerability Database - Central respository of vulnerabilities in 3rd party Magento components
- Magento 1/OpenMage - Security.txt generator Magento 1 Module which generates security.txt file, configurable in Magento Backend
- Magento Security Blog - [Adobe]
- Malwarebytes
- RiskIQ
- Sanguine Labs
Magento-specific contributions welcome!
