aMember Pro v4 Security Risks

Discussion in 'Pre-Sales Questions' started by engineerwsu, Aug 5, 2015.

  1. engineerwsu

    engineerwsu Member

    Joined: Sep 18, 2014
    Messages: 31
    A web developer told me that aMember is not secure. According to this person, hackmiami.com was hired to hack into the software and was able to gain access to the database in a few minutes. I am not sure if this is true or not.

    Does anyone have any information about potential security risks for aMember?
  2. alexander

    alexander Administrator Staff Member

    Joined: Jan 8, 2003
    Messages: 6,279
    There are no known security issues in aMember v4. Does he have any proof? If so, can you contact me via the helpdesk?
    There were vulnerabilities in aMember v3 or aMember v2, but that was several years ago and all of these vulnerabilities have already been fixed. aMember v4 was created from scratch following all modern security standards.
  3. pjman

    pjman Member

    Joined: Oct 18, 2013
    Messages: 51
    I hear this hearsay nonsense from people all the time. It is 99.99999% more likely that, if there is any truth to that story, it was through the 9 million vulnerabilities in other software or system holes. As a sys admin, I find that crackers never waste time looking for holes in software that is used by less than 100,000s of thousands of users. Honestly, I have used aMember 4 for some time and it complies with every standard I have seen.
  4. engineerwsu

    engineerwsu Member

    Joined: Sep 18, 2014
    Messages: 31
    I really appreciate you all's feedback. When I first heard this information, I had not done any testing myself, so I trusted him. Now that I see what he is developing for me, I seriously question his knowledge and ultimately I seriously question his alleged vulnerabilities of aMember.

    My site will hold sensitive information, so it must be secure. I made this a priority in my specification. But, from what I've seen in his work, plain text passwords are being used, which is a huge no-no.

    My main concerns are with SQL injection, remote script execution, and bots creating spam accounts.
    Last edited: Aug 6, 2015
  5. pjman

    pjman Member

    Joined: Oct 18, 2013
    Messages: 51
    Yeah, that guy sounds like a bonehead know-it-all. I would stop working with him ASAP.

    I've been using aMember for about 8 years now for myself and other clients. Like Alex said, they addressed all your security concerns with version 4 of aMember. I have my sites penetration tested twice a year on top of basic PCI scanning. aMember always passes with flying colors.