Ask HN: Any books on building a highly secure web service like a bank? - james1234
======
oblib
I have to suppose that banks, like any other web-based services, use the same
methods as the rest of us.

There are no "secrets" I know of for implementing security, and we're all
pretty much in the same boat with the same holes in our hulls if we've done
what we can and keep up with the latest methods, patches, and updates.

~~~
BjoernKW
You're right. Banks just have more money to throw at these problems.

They have regular security audits. When (those systems aren't necessarily any
more secure by design than 'normal' ones, often even less so) a problem is
found during these audits, they can and will pay a lot of money to fix it,
sometimes by almost brute force.

For example, rather than fixing the underlying software that causes a problem
they might close potential attack vectors at the network or infrastructure
level.

~~~
alltakendamned
Unfortunately, most financial institutions tend to be more interested in
security audits for compliance purposes than to really resolve identified
security issues.

