Many of the web sites that we examine here in the Foregenix Forensics Lab use third-party APIs to build their web applications, especially for handling and processing customers' payment card data. We also see many sites running out-of-date software, such as PHP 5.5 or earlier.

As the attached article explains, the SSL certificates returned by API servers are not being validated correctly, which leaves eCommerce web sites susceptible to Man-in-the-Middle attacks.

Anyone developing in PHP should be aware that versions 5.5 and below do not implement TLS correctly and should therefore upgrade to PHP 5.6. Read more on upgrading.
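For sites that call a payment or other third-party API from PHP, the sketch below shows certificate validation switched on explicitly for both cURL and the https:// stream wrapper. It is an added example, not code from the attached article or from any API vendor; the function names and the CA bundle path passed in are hypothetical.

```php
<?php
// Added example with hypothetical helper names; $caBundle is whatever CA file you deploy.

// POST to a third-party API with certificate validation enforced.
// Fails closed: any TLS or transport error throws instead of returning data.
function api_post_verified($url, array $fields, $caBundle)
{
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,      // verify the chain against the CA bundle
        CURLOPT_SSL_VERIFYHOST => 2,         // integer 2 = match the host name; `true` becomes 1,
                                             // which older libcurl treats as "a CN exists"
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_FOLLOWLOCATION => false,     // do not follow redirects to other hosts
        CURLOPT_TIMEOUT        => 15,
    ));
    $body  = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException("API request failed ($errno): $error");
    }
    return $body;
}

// Context for file_get_contents()/fopen() on https:// URLs.
// Before PHP 5.6 these wrappers do not verify the peer unless told to.
function verified_stream_context($host, $caBundle)
{
    $ssl = array('verify_peer' => true, 'cafile' => $caBundle, 'verify_depth' => 5);
    if (PHP_VERSION_ID >= 50600) {
        $ssl['verify_peer_name'] = true;     // options introduced in PHP 5.6
        $ssl['peer_name']        = $host;
    } else {
        $ssl['CN_match'] = $host;            // host name check available before 5.6
    }
    return stream_context_create(array('ssl' => $ssl));
}
```

When reviewing an existing code base, the settings to look for are `CURLOPT_SSL_VERIFYPEER` set to `false` or `0`, `CURLOPT_SSL_VERIFYHOST` set to anything other than `2`, and `'verify_peer' => false` in a stream context.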