Answer the question
In order to leave comments, you need to log in
B
B
Boris Belov2016-04-20 21:47:28
Boris Belov, 2016-04-20 21:47:28
How to create a secure site for payment systems?
Hello.
I am creating a website (not an online store) where payment will be made.
Interested in what is required for this implementation? get SSL certificates? Or something else?
What payment systems do you use, which ones are the worst for hackers.
And what advice would you give when creating a secure site.
7 answer(s)
@CityCat4
@FireGM
@BookaLtd
@dmi3jo
@MrGroovy
I would also recommend that you secure your site from attacks by cybercriminals. No matter how trite it may sound, but as a result of a successful attack, you or your customers will lose money.
Be sure to check the site for web application vulnerabilities ( OWASP TOP 10 ), it also does not hurt to check the vulnerabilities of the OS network stack, ports opened by mistake (For example, a database sticking out without authorization) and vulnerabilities associated with the operation of application protocols due to outdated software versions (ssh, ftp). Also remember to use strong passwords and change them periodically. For each individual vulnerability and for each individual type, there are different utilities for checking.
You can start with Nmap and continue by reading the OWASP Web Application Security Guide.
There are special resources, vulnerability scanners that can check most vulnerabilities at each level.
https://metascan.ru
https://detectify.com/
C
CityCat4, 2016-04-20 @CityCat4
The certificate is unambiguous, and not according to simplified protection, but according to the standard one and not from StartSSL or WoSign, but from a decent CA. Well, of course, if you don't care about reputation.
I
Ilya, 2016-04-20 @FireGM
If you just want to connect payment systems, i.e. you will be paid, for example, from Yandex money to Yandex money, then you don’t have to do anything. These payment systems have already been made for you. You only need to paste the generated frame/button code.
And if you decide to make your own, then you will need to study a lot and you will not be helped here.
V
Victoria, 2016-04-22 @BookaLtd
An SSL certificate with an organization verification level or extended verification, I think it's a must. Many payment systems will not connect you without a certificate, for example, Yandex cashier.
Much depends on how exactly you want to arrange payment.
D
dmi3jo, 2016-08-18 @dmi3jo
Recently, the ucoz constructor has the ability to connect ssl certificates, both for subdomains and for your own domain (instruction uguide.ru/kak-kupit-i-podkljuchit-ssl-sertifikat-k-ucoz ), plus there are many online payment systems directly on the site. In principle, not a bad platform for creating a site, I would even say top uguide.ru/rejting-luchshij-konstruktor-sajtov-runeta
M
MrGroovy, 2020-12-09 @MrGroovy
And what advice would you give when creating a secure site.
I would also recommend that you secure your site from attacks by cybercriminals. No matter how trite it may sound, but as a result of a successful attack, you or your customers will lose money.
Be sure to check the site for web application vulnerabilities ( OWASP TOP 10 ), it also does not hurt to check the vulnerabilities of the OS network stack, ports opened by mistake (For example, a database sticking out without authorization) and vulnerabilities associated with the operation of application protocols due to outdated software versions (ssh, ftp). Also remember to use strong passwords and change them periodically. For each individual vulnerability and for each individual type, there are different utilities for checking.
You can start with Nmap and continue by reading the OWASP Web Application Security Guide.
There are special resources, vulnerability scanners that can check most vulnerabilities at each level.
https://metascan.ru
https://detectify.com/
Similar questions
A
B
A
Y
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question