|laziness, impatience, and hubris|
Paranoid about web application securityby perleager (Pilgrim)
|on Aug 08, 2005 at 21:45 UTC||Need Help??|
perleager has asked for the wisdom of the Perl Monks concerning the following question:
I'm a little paranoid about my programming. I'm about to take on a project that consists of a membership area that in order for members to view, they must pay for a subscription fee. I'm thinking about using a third party cc billing company and once a user signs up, it has a script that will update the members database to tell my web application that he/she signed up.
Now since this will deal with money, there are always potential hackers who would want to eliminate competitoin or even receive free service. Thats just my thinking...you can call it paranoia. But the thing is, I'm confident that I can do the programming, but its how well I can do it. How would I know if its secure enough? That leads to my question whether if there are private companies that check how secure an application is and then tells you the loopholes you must fix? Or Can I do this myself? I'm assuming I'll need to read lots of hacking books and then see if those hacking tricks apply to my web application.
Basically I got most security features checked off my list:
The real downer is this is on a win2k system. Is apache more secure? I may recommend the company I'm working for to move it to a apache server. But the mysql database is located somewhere elsewhere other then the web server machine (I heard this was better).
Any recommendations of articles or books to read about security with membership sort of sites will be real nice.
Thank you all,