comment on

Have at least one other person look over your code. It's easy not to notice problems in your own code, that stand out to others.
See if any existing well known authentication systems fit, before re-inventing the wheel. Odds are they've been looked over quite well over time.
Keep it as simple as possible. Think any special security features through. It's not uncommon to add a feature meant to increase security, that actually makes it worse.
Obviously keep everything patched, but attempts at password stealing/sharing/brute forcing is more common than attempts to hack into a pay site. (at least the ones I've worked with)

Hope this helps.

Update: All the above advice assumes you're using a 3rd party processor, so you only have to deal with authentication, not actual credit card/payment data.

In reply to Re: Paranoid about web application security by cowboy
in thread Paranoid about web application security by perleager

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.