A friend of mind run a webstore that was hacked last month. Unfortunately due to a change in the CC module the site was storing the full 16 digits not just the last 4 as it previously did. This has resulted in several of his customers, including me, having their CC numbers stolen.

What I am wondering is are their products out there that he can use to verify that there are no know flaws in his site that could be used to hack it? It uses osCommerce.