
It's probably a PCI compliance scan. They check for a lot of things like (basic) XSS, CSRF, insecure versions of PHP/Apache, unprotected folders named "admin/", backup files which could leak source code, and so on. It's mostly just for show, but can catch some stupid mistakes. Typically you'll have to whitelist their servers so that they don't trip your firewall/IDS/whatever.
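A defender-side check for the "backup files which could leak source code" item above, added here as an example and not code from the thread: it walks a local web root and flags leftover copies of source or config files (config.php.bak, index.php~, editor swap files). The suffix list, source extensions and the constructed sample tree are assumptions.

```python
"""Audit a web root for leftover backup copies of source/config files."""
import os
import re
import tempfile

# Suffixes editors and admins commonly leave behind (assumed list).
BACKUP_RE = re.compile(r"(\.(bak|old|orig|save|swp|tmp)|~)$", re.IGNORECASE)
# Extensions whose contents would expose code or credentials if served raw.
SOURCE_EXT = {".php", ".inc", ".py", ".rb"}


def is_backup_of_source(name: str) -> bool:
    """True if the file name looks like a backup copy of a source/config file."""
    m = BACKUP_RE.search(name)
    if not m:
        return False
    base = name[: m.start()]
    # Vim swap files are hidden copies: .config.php.swp refers to config.php
    if base.startswith("."):
        base = base[1:]
    return os.path.splitext(base)[1].lower() in SOURCE_EXT


def find_backup_files(webroot: str) -> list[str]:
    """Return paths (relative to webroot) of backup copies of source files."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for f in files:
            if is_backup_of_source(f):
                hits.append(os.path.relpath(os.path.join(dirpath, f), webroot))
    return sorted(hits)


def demo() -> list[str]:
    """Build a constructed web root in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin"))
        for name in ("config.php", "config.php.bak", "index.php~",
                     "admin/.settings.php.swp", "logo.png.bak", "README.old"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<?php $db_pass = 'constructed';\n")
        return find_backup_files(root)


if __name__ == "__main__":
    for path in demo():
        print("backup copy exposed under web root:", path)
```

Run it against the real document root before the scan does; anything it lists should be deleted or moved outside the served tree rather than relied on to stay unguessed.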


> backup files which could leak source code

Would an open source app not be PCI compliant?


Nah, that would be fine. It's not a problem with the source being available, more the fact that the file could contain sensitive information like passwords (like say in a config.php file).



