Web Hosting Talk







Blesta 2.1 billing software - 30% refugee discount


pphillips
05-11-2009, 01:55 PM
Blesta is a web based billing application quickly gaining popularity all around the world. It is the most professional, most intuitive, most secure billing application of its kind on the market today.

Website: http://www.blesta.com
Demo: http://demo.blesta.com <-- The demo speaks for itself
Free Trial: https://www.blesta.com/order/2/44

*If you order a paid copy, use coupon code "WHT" for 25% off (first month only on monthly licenses)
**If you own a competing product, email us for a 30% off coupon on an owned license. We have import scripts for WHMCS, ClientExec, ModernBill/Plesk Billing, and WHMAutoPilot.

Our 2.1 release adds Windows support, now Blesta runs on Linux and Windows running Apache or IIS. Blesta is highly object oriented and is the first billing application to require PHP 5 at launch.

Features:


Automatic recurring billing
Automatic payment processing
Email or Paper invoice methods
Streamlined manual payment entry
Built in ticket system, with email piping support
Integration with control panels like cPanel, Plesk, DirectAdmin and more!
Integration with gateways like Authorize.net, Quantum, PayPal and more!
.. way more, you got to check out the demo (http://demo.blesta.com)


Developers:


Extensive API over JSON or PHP serialization
Internationalized interface, create your own language files
Completely editable templates, for everything
Open module, gateway, invoice and anti-fraud systems
No fee to remove branding


Security


256-bit AES encryption cipher used for credit card data
Remote access key required for cron jobs and API access
Ability to lock down API access to an IP address
Does not require any publicly accessible directories to be writable (chmod 777)
Runs with register_globals OFF
MySQL queries are protected against SQL injection
Lots more behind the scenes


We take a proactive not a reactive approach to security.

We are real people, we have a real office with a real phone. We all work here, this allows us to give you the best support possible. Want to speak with our lead developer? Not a problem.

We realize that no billing application is the right fit for everyone, if we don't think Blesta is right for you - we'll tell you.

If you made it this far down the page, thanks for reading. Remember, check out the demo - if you like it, download the trial. Have questions? Give us a call, hit up our forums, or drop us an email. I look forward to hearing from you.

Cheers!

Paul

zendzipr
05-11-2009, 10:45 PM
Is this software PA-DSS Certified?

pphillips
05-12-2009, 02:03 AM
Is this software PA-DSS Certified?

Not yet, and I'm not aware of any of our competitors that are either.. but that's not to say we shouldn't be headed that way. With that said, looking at PA-DSS requirements I think it's fair to say that there are a few items that could be an issue. For example, logging of all admin account activities - though card data can only be decrypted with the encryption key, logging in as an admin doesn't suffice. We also do not maintain instructional documentation for customers on PA-DSS and PCI compliance.

On most items we're good. We've implemented techniques to prevent against XSS, SQL injection, etc. We audit our own code, and test against common (and not so common) exploits. MySQL can run on a server that is not connected to the Internet, separate from the app, though rarely do people set it up this way. We use 256-bit AES cipher for PANs and we never store CVV2 or PIN data.

Aside from some potential issues, I think we are mostly PA-DSS compliant. PA-DSS certified is another thing.. aside from that, I don't see any major hurdles in someone becoming PCI Compliant and if any issues were brought to our attention we would certainly work toward a resolution.

Thanks for bringing up the point. Doing so keeps everyone aware of security, we all want to keep customer data - especially sensitive customer data secure. There have been too many examples (even here on WHT most recently) where things have gone terribly wrong.

Even though a lot can be done application side, when it comes to PCI compliance, most servers fail horribly. Preventing unauthorized access server side is critical.

zendzipr
05-12-2009, 09:12 AM
Not yet, and I'm not aware of any of our competitors that are either.. but that's not to say we shouldn't be headed that way. We also do not maintain instructional documentation for customers on PA-DSS and PCI compliance.

Thank you for your direct honesty. From the other companies I have queried, so far you're the second which even acknowledges PCI. As I am sure you are aware, for any company who accepts credit cards for payment, to be PCI compliant, they must (not an option) use PA-DSS certified software, unless they program in house.

Aside from some potential issues, I think we are mostly PA-DSS compliant. PA-DSS certified is another thing.. aside from that, I don't see any major hurdles in someone becoming PCI Compliant and if any issues were brought to our attention we would certainly work toward a resolution.

Looking forward to the first billing application that is certified.

Even though a lot can be done application side, when it comes to PCI compliance, most servers fail horribly. Preventing unauthorized access server side is critical.

Agreed. It is of course one of the major reasons my business does what it does. PCI compliance is not a single thing, it encompasses and intertwines with almost every aspect of a business. Software and servers are only a small part of the PCI process. Policies, procedures, employee relations and more all fit into compliance as well.

Orien
05-13-2009, 01:35 AM
I'll be definitely taking a closer look at Blesta this weekend. The demo was very nice.

pphillips
05-13-2009, 11:57 AM
I'll be definitely taking a closer look at Blesta this weekend. The demo was very nice.

Thanks Orien.. hey we crossed paths in another thread, you're not far from here. We should meet up sometime.

Orien
05-18-2009, 11:05 PM
Thanks Orien.. hey we crossed paths in another thread, you're not far from here. We should meet up sometime.

Ah, sorry. I missed your reply. Yeah, we should. :D

Kevin2001
06-20-2009, 02:41 PM
This looks interesting.

Jedito
07-03-2009, 03:12 PM
Hi!

Have you planned to add a module for Stargate (Actually US2/UK2 for domain registration)?

pphillips
07-03-2009, 03:47 PM
Hi!

Have you planned to add a module for Stargate (Actually US2/UK2 for domain registration)?

We haven't had any requests for it that I'm aware of.. at least until now!

When we write modules we need the services API documentation and generally a test account (if they offer one). If you know where we can find their documentation we'll certainly take a look and consider implementing it. We have a feature request project on our forums and encourage people to post suggestions there.. so if you're willing to post it there that would be great - but here is fine too.

It also helps if you're willing and able to test the module before it's officially released.

Thanks for the suggestion!

Jedito
07-03-2009, 05:13 PM
Hi!

Not sure if this is useful

http://www.test.api.onlyfordemo.net/DomainsKit/examples/html/index.php

You can get a free account at http://resell.biz/

Let me know if that can be done and also migrate from modernbill and I'll get a license ASAP :)

pphillips
07-03-2009, 06:36 PM
We'll take a look, thanks much!