About AbleCommerce

Beginning its life in 1993, AbleCommerce was first written using a programming language called Cold Fusion. Over time, the software evolved towards Windows and ASP. Our latest version uses current technologies, including Asp.Net MVC5 framework and Responsive Bootstrap.

AbleCommerce is equipped with a plug-in based framework. This framework allows developers to extend its capabilities by writing pluggable custom modules.

  • A full-featured API that's extensible and easy to customize
  • Microsoft SQL relational database
  • Available as a Web Application Project
  • Schema supports rich content editing functions

Enterprise Class Architecture

AbleCommerce foundations are laid on enterprise-class software architecture. Backed by a robust and versatile database design, enhanced with the most advanced and solid NHibernate object-relational framework, powered with the flexibility and adaptability of Inversion-of-Control (IOC), and designed with Service-Oriented Architecture (SOA), AbleCommerce is enterprise class software made easy and available within reach of every developer.

COMMERCEBUILDER FRAMEWORK

The hallmark of AbleCommerce powered websites is the popular CommerceBuilder framework which is set of compiled libraries having most intuitive and easy to follow API that power the ecommerce features of your websites. CommerceBuilder isolates the complex business logic away from your web scripts and lets you focus on your customizations and UI alone.

OBJECT-RELATIONAL MAPPING WITH NHIBERNATE

With NHibernate taking care of all the complexities of impedance mismatch between object oriented domain and relation databases, you can focus directly on objects and get the benefits of high code reuse, high productivity, application maintainability and a good application design.

SERVICE-ORIENTED ARCHITECTURE

Service-oriented architecture (SOA) is the software design and architecture pattern based on discrete pieces of application functionality being provided as services to other pieces of the application or other applications. AbleCommerce implements important aspects of business Logic and various features as services. These services can be easily overridden and custom implementations can easily be incorporated.

DEPENDENCY INJECTION AND IOC WITH CASTLE WINDSOR

AbleCommerce makes use of Castle Windsor for Dependency Injection and IOC Container. All repository interfaces and all service implementations are resolved via IOC container. This makes it very easy for developers to change the implementations to their custom ones.

PLUG-IN FRAMEWORK

AbleCommerce supports third-party tools for payment processing, shipping rates, and tax calculation using the Plugins feature. The CommerceBuilder framework uses a provider model where you can integrate a new service without any customization to Commercebuilder itself and without the need for any of our compiled source code.

OVERRIDE BUSINESS LOGIC EVENTS

One of the prized features of AbleCommerce is that it has a detailed set of business logic events that are fired when their corresponding business logic event takes place. AbleCommerce makes these events easily intercepted and overridden. These events provide a great way to hook your custom code, custom business logic and special handling code at the happening of a desired event.

Why Choose AbleCommerce?

There is absolutely no risk to signing up for the Able Developer program. After registration, you can download and install the free AbleCommerce developer version.

Our secure development practices

Step 1: Laying the foundation for PCI certification

Preceding any development work, the first step to obtaining a certification from the Payment Card Industry requires a properly designed and secure development setting. Our employees are trained using best practices for application development. We have two Microsoft certified senior developers who manage the team’s assignments.

Training for each developer covers the following points:

Writing clean, readable and well commented code • Input/output validation • Manual code reviews • HTML/SQL Injection awareness • Use of cryptography for sensitive data • Logging and tracing • Unit and integration Testing, Fuzz Testing • Debugging tools like SQL, Code and memory profilers. • Targeting ASP.NET Medium Trust

Step 2: Stream-lined application development

AbleCommerce development and support policies range from issue tracking to distribution of downloads. We’ve been doing this for 25 years, so our internal practices are refined and efficient. Detailed procedures are in place for issue reports, new features, source control, quality assurance, testing, distribution and release of patches.

We utilize Atlassian’s JIRA for issue tracking and project management. All AbleCommerce issues, projects, tasks, and bugs will have a corresponding entry in the JIRA system. The site uses a secure https connection at all times. It is a private resource and only authorized developers with a secure username and password will have access. The development team also uses Atlassian’s Fisheye application. Fisheye extracts information from the source code repository and displays it in sophisticated reports.

Step 3: Maintaining source control

All files, documents, and scripts that are pertinent to the AbleCommerce application are stored in TortoiseSVN source control system. TortoiseSVN is a revision control/version source control software for Windows. There are established check-in procedures to the repository, and the source files are located in a secure secondary location only accessible by a separate set of login credentials.

Each developer maintains a local development environment where Visual Studio is installed and used with other tools to facilitate debugging. Any changes made to the shared code base are mirrored to each developer’s version. After a change is checked in using SVN, the developer verifies the update and a serious of automated tests are run to ensure the change didn’t break anything.

Step 4: Quality Control and Distribution

All changes must go through the QA process on a shared test environment before they can be included in a publicly released build. The quality assurance procedures we have in place prevent bugs, incorrect updates, and any overlooked flaws in new features. The QA process includes three primary stages: 1) developer code review, 2) initial QA test and code inspection, and 3) final QA test and review. All issues pass through several persons and processes before they are considered complete and ready to close.

AbleCommerce developers use the Open Web Application Security Project (OWASP) as a resource to ensure that they understand the issues related to web application security. Vulnerabilities, such as cross-site scripting, injection flows, denial of service attacks, insecure data storage, improper error handling, etc. and how each relates to AbleCommerce, are always kept in mind while writing code to ensure the application is protected from the most common threats.

Step 5: Ensure we have a secure well-tested application

Our last and most important review is by the Payment Card Industry to obtain PA-DSS certification. The process is costly and grueling and can take anywhere from 6 months to a year. Luckily, we’ve been doing this for more than ten years, with our first official PA-DSS version 1.2 certification on June 1st, 2009. The next examination will begin when AbleCommerce is released to the public as a non-beta version.

At the end of it all, our reputation is on the line, so when we prepare any build for release, know that it will have been through our rigorous stages before being distributed to the public. We also have a new system in place to distribute patches from within the AbleCommerce application itself. This method allows us to provide merchants version specific patches so there will be no guesswork about an installation’s upgrade status.