Ask HN: How secure should my site/server be?
2 points by k0 10 years ago | 3 comments

I'm not new to security, and that's why I ask. I have created a "payment portal" integrated with Stripe for my [few] customers. I have gone through various guides for securing Debian, Apache/Node, MySQL on a dedicated instance, etc., using HTTPS only, SSL certs, passed the Qualys HTTPS/SSL scan with a 90%/A rating, performed Qualys and other vulnerability scans... but have I done enough? I'm not storing credit card info, but am storing username, passwords, and basic stats. I also developed the portal with security in mind, taking CORS, SQL-Injection, and other tactics into account.
I know security is and should be considered at every layer, but when is there a reasonable amount of security when security is not my primary focus?
- cdvonstinkpot 10 years ago
  I don't know about 'best practices', but I know of a nice app that's less resource intensive than 'fail2ban': https://github.com/sofar/tallow
- k0 10 years ago
  Thanks for the link.
- k0 10 years ago
  Since my main concern about security is cardholder data leaks I looked into what it takes to become PCI-compliant https://www.pcisecuritystandards.org/merchants/self_assessme..., not that PCI-Compliance is the be-all end-all of web security.