Hey everyone,
I’m working on some online stores built with a LAMP stack, mostly using Drupal. I’ve been thinking about security a lot lately. Does anyone have a good list of things to check when doing a security audit? I’m looking for something that covers both new and existing e-commerce sites.
I want to make sure that I’m not overlooking any significant security checks. It would be great to have a step-by-step guide or a checklist to follow, especially one that details:
- Common vulnerabilities in online store platforms
- Best practices for securing customer information
- Security considerations for payment gateways
- Methods to fend off fraud
Any tips or resources would be really helpful. Thanks a lot for your input!
Cheers,
WebDevSecurityNerd
Security audits for e-commerce sites are crucial. From my experience, I’d recommend focusing on input validation and sanitization to prevent SQL injection and XSS attacks. Implement strong password policies and use secure session management. Regularly update all software components, including Drupal core and modules. Ensure PCI DSS compliance for handling payment data. Consider implementing two-factor authentication for admin access. Don’t forget to review server configurations, especially file permissions and PHP settings. Lastly, create and test an incident response plan. Remember, security is an ongoing process, not a one-time task.
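Picking up the point above about reviewing server configuration and PHP settings: the shell script below is an added example, not code from any poster, that audits a php.ini against commonly recommended hardened values. The sample ini content, the directive list and the "hardened" values are my assumptions, not PCI DSS or Drupal requirements.

```shell
#!/bin/sh
# Added example (not from the thread): audit a php.ini for settings that a
# LAMP/Drupal shop host should harden. The hardened values are common
# recommendations, not a PCI DSS or Drupal requirement.

# Constructed sample standing in for /etc/php/*/apache2/php.ini.
# session.use_strict_mode is deliberately absent to exercise the "unset" path.
SAMPLE_INI='; constructed sample php.ini
expose_php = On
display_errors = On
log_errors = Off
allow_url_include = Off
session.cookie_httponly = 0
session.cookie_secure = 0
'

# php_setting FILE KEY: effective value of KEY (last uncommented assignment
# wins, as PHP does), or "unset" if the directive never appears.
php_setting() {
    awk -F= -v key="$2" '
        /^[[:space:]]*;/ { next }
        NF >= 2 { k = $1; gsub(/[[:space:]]/, "", k)
                  if (k == key) { v = $2; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v); val = v } }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# norm VALUE: fold PHP's boolean spellings (On/Yes/True vs Off/No/False) to 1/0
# so "On" and "1" compare equal; anything else is lower-cased and left as is.
norm() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        on|yes|true|1)       echo 1 ;;
        off|no|false|none|0) echo 0 ;;
        *)                   printf '%s\n' "$1" | tr 'A-Z' 'a-z' ;;
    esac
}

# audit_php_ini FILE: print "directive = current (hardened: expected)" for each
# weak or unset directive. An unset directive is reported so the auditor sets
# it explicitly instead of trusting the compiled-in default.
audit_php_ini() {
    for pair in expose_php:Off display_errors:Off log_errors:On allow_url_include:Off \
                session.cookie_httponly:1 session.cookie_secure:1 session.use_strict_mode:1; do
        key=${pair%%:*}; want=${pair#*:}
        have=$(php_setting "$1" "$key")
        [ "$(norm "$have")" = "$(norm "$want")" ] || printf '%s = %s (hardened: %s)\n' "$key" "$have" "$want"
    done
}

# count_weak_settings FILE: number of findings, for scripting a pass/fail gate.
count_weak_settings() { audit_php_ini "$1" | wc -l | tr -d ' '; }

tmp=$(mktemp); printf '%s' "$SAMPLE_INI" > "$tmp"
audit_php_ini "$tmp"
rm -f "$tmp"
```

Point it at the php.ini that Apache actually loads (php -i | grep 'Loaded Configuration File' shows it); directives can also be overridden per-directory in .htaccess or .user.ini, which this script does not read.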
Hey there WebDevSecurityNerd!
Wow, security audits for e-commerce sites can be quite the rabbit hole, right? I’m curious, have you encountered any specific security issues with your Drupal stores so far?
One thing I’ve found super helpful is setting up a bug bounty program. It’s like having a whole army of ethical hackers on your side! Have you considered something like that?
Oh, and speaking of customer info, what’s your take on tokenization for storing sensitive data? I’ve heard mixed reviews, but I’m really intrigued by the concept.
And hey, just throwing this out there - how do you feel about using AI for fraud detection? I’ve been reading some fascinating stuff about machine learning models that can spot suspicious patterns way faster than humans.
Keep us posted on what you end up implementing! It’d be awesome to hear about your experiences and what works best for your stores. Good luck with the audit!
hey charlie, i’ve dealt with similar concerns. one thing overlooked is regular security scans. use acunetix or nessus to check vulnerabilities. don’t forget ssl/tls config - it’s crucial for ecommerce. also, wafs can help block malicious traffic. hope this helps!