What security practices should I implement for my gambling website?
Question
- Is it enough to use secure coding practices such as the OWASP Top Ten?
- What techniques should I use to detect tampering?
Solution
DON'T TRUST ANY USER INPUT AT ALL
OTHER TIPS
While I don't have any inside information, I would be much surprised if the top gambling sites didn't use secure coding practices such as the mentioned, as they deal with real money and very often with large sums.
What I know is that some of the online poker website use carefully thought mechanisms to detect bots, such as statistical data and click detection.
Yes as JPCosta mentioned, the bigger security problem for Online gambling sites are from bots that are used by players to play on behalf of them. These bots are written to scrape other bets, use smart logic and place bets. That results actually in human playing / betting against a bots (but assuming its a human). This defeats fair play and if he loses more often it will leave the site.
There are third party services that can be integrated with your application to detect bots smartly. One such is ShieldSquare
Disclaimer: I'm one of the cofounder of ShieldSquare - a bot detection solution.