科技回声

I'm not new to security, and that's why I ask. I have created a "payment portal" integrated with Stripe for my [few] customers. I have gone through various guides for securing debian, apache/node, mysql on dedicated instance, etc., using https only, ssl certs, passed Qualys HTTPS/SSL scan with a 90%/A Rating, performed qualys and other vulnerability scans...but have I done enough? I'm not storing credit card info, but am storing username, passwords, and basic stats. I also developed the portal with security in mind taking CORS, SQL-Injection, and other tactics into account.<p>I know security is and should be considered at every layer, but when is there a reasonable amount of security when security is not my primary focus?

2 条评论

cdvonstinkpot将近 10 年前

I don't know about 'best practices', but I know of a nice app that's less resource intensive than 'fail2ban': <a href="https://github.com/sofar/tallow" rel="nofollow">https://github.com/sofar/tallow</a>

评论 #9702954 未加载

k0将近 10 年前

Since my main concern about security is cardholder data leaks I looked into what it takes to become PCI-compliant <a href="https://www.pcisecuritystandards.org/merchants/self_assessment_form.php" rel="nofollow">https://www.pcisecuritystandards.org/merchants/self_assessme...</a>, not that PCI-Compliance is the be-all end-all of web security.

Ask HN: How secure should my site/server be?

2 条评论

Ask HN: How secure should my site/server be?

2 条评论