In the beginning of the internet age, businesses had different uses for the internet and now as we fast forward to 2013 the internet age has changed once again! Today, the internet is a big part of our daily lives and even more so with online shopping. I can safely assume everyone reading this has bought at least one item off the web. As technology continues to grow and make our lives more and more simple; there’s a company called Magento that’s actually making businesses and organizations lives even more simple with their websites. Well, what is Magento you might ask. Magento is an open source eCommerce software platform that allows developers to create and develop websites with ease. Allowing developers to really give their company the personality it deserves. Since, Magento is a small company, in 2011, eBay acquired Magento giving the company more resources to expand and continue to develop its company software as well as improve eBays current sellers. Roy Rubin co-founder of Magento said in a QnA session with Power Retail in Australia, “In 2010, PayPal became an investor in the company, and in August 2011 eBay acquired the business.” (Philips, 2012) This now gives Magento a larger reach and can now better develop its software. Although, this software makes companies feel more at ease with the development of their sites, it is an OPEN SOURCE program which posses security threats which we will discuss in a little bit.
People are always looking for an easier way to create websites. That’s the same reason we have companies like WiX that allows you to create a website for yourself. Even though WiX offers much ease, mid-ranged and large companies need a program that will match their needs with little to no restrictions. Magento’s platform is designed to be modular and flexible, so that e-commerce developers can have more control over how they build their online stores than if they use software whose source code can’t be modified. (Perez, 2011) The reason why this company has been so successful thus far is because it’s an open source software. It allows developers to create and modify their websites using anything ranging from HTML5, CSS, SQL, PHP and much, much, more. Magento is the world’s most evolved e-commerce solution. It runs on the Apache/MySQL/PHP platform. From one installation, you can control multiple storefronts, all sharing customer and product information. (Rice, 2010) Magento also launched an app store for its extensions. Developers could create applications on top of Magento, and retailers could use this functionality in their online storefronts via the app store. (Rao, 2012) This alone gives companies more freedom to develop a certain application that can be used for their website. These companies that create the application can post on the app store to give other companies the freedom to use it without needing to recreate an application that already exists.
Since this is an open source software there are a lot of security risks that also play a factor. We created 50 mutants based on the top 10 web application security risks highlighted by the Open Web Application Security Project (OWASP) . They include injection flaws (e.g., SQL and LDAP injections), Cross-Site Scripting (XSS), broken authentication and session management, insecure direct object references, cross-site request forgery (CSRF), security mis-configuration, insecure cryptographic storage, failure to restrict URL access, insufficient transport layer protection, un-validated redirects and forwards. (IEEE, 2011) In total, there were 63 mutants that cause a security issue that people should be worried about. Although the mutants in the previous section are related to Magento’s functionalities, they reflect the general types of vulnerabilities in web applications. (IEEE, 2011) Since these are ‘general types of vulnerabilities’ found in web applications, should we be worried? The answer is no because all companies are constantly updating and upgrading their systems as well as implementing more security measures to defend against attackers. With that said companies have options in which platform they want to use.
(Taken from Magento’s website)
Magento has three different tiers companies can choose from. The Community Edition is a free version for tech savvy business people and developers to create a website to match their needs, however, this is the most limited edition. The Magento.go is more suited for small businesses and will receive better support and benefits than the Community Edition at a cost of $15 per month. Where the Enterprise Edition encompasses everything minus the hosting site/server which will cost a whopping $15,550 per year. The Enterprise Edition comes with the highest standards the company has to offer. While the other two tiers are still really great to use, the Enterprise edition is best suited for large corporations. Although this company is still small their clientele definitely says something about this product. Nike, Vizo, TOMS, and Fiji water are some of the companies that use Magento for their websites. As you can already tell this is not for your basic needs website. This is a powerful tool that is going to continue to grow in the years to come.
(Taken from Nike’s-AU Facebook Page)
Why do so many companies use this software? It allows companies to easily create what they want and how they want it in a short period of time and they have the numbers to prove it. On Magento’s about us page, it stated, “The Magento platform is trusted by more than 150,000 businesses, including some of the world’s leading brands.” Magento recently updated their software to make it even more powerful than before. The company has updated the software to improve four functions to ease any stumbling blocks retailers have as they continue to expand their businesses, especially as they begin to feature more than 1 million product SKUs. (Chen, 2013) For businesses it’s about having a faster return time in getting the site up and running as well as its functionality. While having a faster return rate is good being able to have a functioning website that can update quickly and report gains in revenues is even better. But, why would companies choose this software over others? Well, its because there’s no restrictions in an open source program. Developers can modify and create new options for the needs of the company. Not only that on Magento’s website, there are tutorials, forums, as well as technical support waiting to assist you with any questions you may have. Having a large community of developers can and will resolve issues you have. There’s always a solution to a problem.
Magento recently updated their systems earlier this month which includes:
Optimized indexing to deliver faster, full catalog reindexing for 1 million products. According to InternetRetailer.com, Magento customers previously have had to completely reindex their site when adding products, changing prices, or updating images.
Improved caching performance to support greater traffic, or customers.
Streamlined checkout flow to improve page load times. Customers can now browse retailers websites 20%-35% faster and immediately access newly added products.
Improved tax recommendation engine to provide greater accuracy when calculating tax rates. The new version supports global merchants with more than 3,000 tax rate zones.
Companies will continue to use Magento as it continues to grow. As Magento remains an open source software platform, developers will continue to develop code. Technology is constantly changing and growing and since Magento is such a versatile software it will continue to prosper and help companies around the world. There will always be security issues as well as everything else in life, but as long as security measures are in place to help defend against attackers, we will be safe. The different choices companies can choose from allow small and big companies to use this software and continue to develop and improve Magento’s current state. I truly believe more and more companies, even fortune 500 companies will adapt this type of software to improve on their own websites.
Chen, K. (2013, April 12). eBay Upgrades Magento E-Commerce Platform. Fool. Retrieved from http://www.fool.com/investing/general/2013/04/12/magento-releases-platform-upgrades-to-magento-ente.aspx
Magento. (n.d.). Retrieved from http://www.magentocommerce.com/company
Perez, J. (2011, June 6). EBay Buys Magento to Boost Its E-commerce Developer Tools. EBay Buys Magento to Boost Its E-commerce Developer Tools. PCWorld. Retrieved from http://www.pcworld.com/article/229503/article.html
Philips, C. (2012, February 21). Q&A: Roy Rubin, General Manager of Magento E-Commerce Platform. Power Retail. Retrieved from http://www.powerretail.com.au/operations/interview-roy-rubin-ceo-magento/
Rao, L. (2012, April 12). Founder: eBay Doesn’t Understand The Meaning Of Open. TechCrunch. Retrieved from http://techcrunch.com/2012/04/12/recently-departed-magento-cto-and-co-founder-ebay-doesnt-understand-the-meaning-of-open/
Rice, W. (n.d.). Magento. Retrieved from http://0-proquest.safaribooksonline.com.opac.library.csupomona.edu/book/web-development/magento/9781847195944
Thomas, L., Xu, W., & Xu, D. (2011). Mutation Analysis of Magento for Evaluating Threat Model-Based Security Testing. Retrieved from http://0-ieeexplore.ieee.org.opac.library.csupomona.edu/stamp/stamp.jsp?tp=&arnumber=6032235&tag=1