I have to say that as a developer doing the code fix, it was simply amazing and very powerful to have the complete web workflow of the shopping cart available as an automated O2 script .
This allowed me to quickly ensure that:
a) the app still behaved as it should (after the fix)
b) the vulnerabilities identified where properly fixed
What do you think of the solution?