Auditing Payment Gateway

In this article we will discuss the security concerns around a payment gateway at different functional levels, and how to perform a security audit on a payment gateway to identify security risks at the application level.

A payment gateway is an online payment solution which empowers merchants to accept payments online, including credit card, debit card, direct debit, bank transfer and real-time bank transfers. A payment gateway protects sensitive customer data such as credit card number and CVV, netbanking credentials, etc. by encrypting the traffic to ensure that the information is passed securely between customer and merchant.

Implementing Secure File Upload

This post is about building a set of defensive layers around the process of uploading a file. File upload is a very critical process and is often exploited by hackers. The consequences of a successful file upload exploit could be complete disclosure of the source code of the target application or malware infection of the server.

There are 2 ways to store the uploaded file: in the file system or in a database. Here I will discuss the pros and cons of both approaches and also demonstrate how to implement secure file upload in PHP.
