
Thread: Security Metrics - https://www.securitymetrics.com

  1. #1
    sprogg (Member; joined Jan 2009; 79 posts)

    As part of our ongoing process of taking online payments, the banks are introducing more stringent security measures, and for those that fail to comply with their procedures there are potentially heavy financial risks involved.

    In order to avoid this, many UK aspdnsf sites taking credit card payments using a merchant account ID will have to submit their site to the above for testing.

    Mine has failed with the following results, but I am struggling with how to resolve them, so I would be grateful to anyone who can shed light on what it all means and what is required to pass.

    Results:


  2. #2
    AspDotNetStorefront Staff - Scott (Administrator; joined Mar 2007; Ashland, OR; 2,390 posts)

    With the exception of the 'DEBUG' entries, those are all hosting concerns; you would need to contact the host for those issues.

    For the 'DEBUG' issues, make sure that the compilation mode debug= is set to 'false' in your web.config.
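
Added example, not part of the original thread or of AspDotNetStorefront's code: a small audit that reports every `<compilation>` element in a web.config that still has `debug="true"`, including ones re-enabled under a `<location>` override. The sample config, the `admin` path and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not from the thread): debug is off at the
# root but switched back on for one path through a <location> override.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <compilation debug="false" defaultLanguage="c#" />
  </system.web>
  <location path="admin">
    <system.web>
      <compilation debug="true" />
    </system.web>
  </location>
</configuration>
"""


def _local(tag):
    """Strip an XML namespace, e.g. '{ns}compilation' -> 'compilation'."""
    return tag.rsplit("}", 1)[-1]


def find_debug_compilation(xml_text):
    """Return (scope, value) for each <compilation> whose debug attribute is true.

    scope is '/' for the root <system.web>, or the path of the enclosing
    <location> element.
    """
    findings = []

    def walk(node, scope):
        for child in node:
            name = _local(child.tag)
            if name == "location":
                walk(child, child.get("path") or "/")
            elif name == "compilation":
                value = child.get("debug", "false")  # absent attribute means false
                if value.strip().lower() == "true":
                    findings.append((scope, value))
            else:
                walk(child, scope)

    walk(ET.fromstring(xml_text), "/")
    return findings


if __name__ == "__main__":
    for scope, value in find_debug_compilation(SAMPLE_WEB_CONFIG):
        print(f"debug={value!r} still enabled for scope {scope}")
```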

  3. #3
    sprogg (Member; joined Jan 2009; 79 posts)

    Thanks Scott

    The debug was the easy fix, sorted, but the rest I am assuming is related to the SSL certificate?

    Interestingly it is up for renewal in the next week or so, so I'm assuming we should upgrade to the SSL 3.0 standard?

    Would that resolve some of the issues there?

    Having investigated the report, the answers are not really obvious. Security Metrics charge £70 for the PCI Scan and then fail to provide solution suggestions to the problems, unless I'm missing something.

    This is quite frustrating as HSBC are threatening to charge £200 per month for the service if we don't comply.

  4. #4
    AspDotNetStorefront Staff - Scott (Administrator; joined Mar 2007; Ashland, OR; 2,390 posts)

    Getting an SSL 3.0 cert will help with the 4th and last items on that list, but not the rest. Those are other separate issues that the host would need to address.

  5. #5
    chuckb_jr (Junior Member; joined Apr 2009; 17 posts)

    We use Security Metrics as well, and you just have to contact them and let them know these are operating parameters and they shouldn't be counted as failing items. You have to use remote access to manage your server, DNS is what it is, etc. If your host can secure some of these items, then that is the best solution, but in some cases you are limited by the platform (we have some sites running on Win2k and that's as hardened as it's going to get without platform/forklift upgrades) and they understand that.

    c b j