Survey on Security Assessment for E-Commerce Website
CHAPTER 1
INTRODUCTION

E-commerce is the activity of buying or selling online. Electronic commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web for at least one part of the transaction's life cycle, although it may also use other technologies such as e-mail.

Contemporary electronic commerce involves everything from ordering “digital” content for immediate online consumption, to ordering conventional goods and services, to “meta” services that facilitate other types of electronic commerce.

The e-commerce website is the main carrier of interaction between enterprise and consumer and of completed online transactions, so it is important to evaluate the performance of an enterprise's e-commerce system. According to the China Internet Network Information Center, the online shopping market size in 2010 was over 430 billion yen, a substantial growth compared with 2009.

With the popularity and rapid development of the Internet, e-commerce has become increasingly integrated into our lives and provides us with convenience, and people are becoming increasingly dependent on these services. But on an Internet with such an open architecture, coupled with the impact of other factors, e-commerce sites face an endless stream of attacks and destructive events, which bring a great deal of trouble and security risk to our economic activities. With the rapid development of e-commerce sites, the security vulnerabilities present in these sites are gradually being exposed. A vulnerability is a weakness or flaw in a system that can be exploited by an attack, which could cause the software to enter an unsafe state.
According to the “Symantec Internet Security Threat Report” released by Symantec, more than 60% of software security vulnerabilities concern web applications; these vulnerabilities could subject web applications to various attacks, such as denial of service attacks, SQL injection, and theft of user information.

The OWASP (Open Web Application Security Project) report on the ten most important web application threats shows that injection attacks and cross-site scripting attacks are the most serious, as shown in Table 1.1 and Table 1.2.

OWASP Top 10-2010
A1-Injection
A2-Cross Site Scripting
A3-Broken Authentication and Session Management
A4-Insecure Direct Object References
A5-Cross Site Request Forgery
A6-Security Misconfiguration
A7-Insecure Cryptographic Storage
A8-Failure to Restrict URL Access
A9-Insufficient Transport Layer Protection
A10-Unvalidated Redirects and Forwards

Table 1.1: 2010 OWASP Top Ten Security Threats

OWASP Top 10-2013
A1-Injection
A2-Broken Authentication and Session Management
A3-Cross Site Scripting
A4-Insecure Direct Object References
A5-Security Misconfiguration
A6-Sensitive Data Exposure
A7-Missing Function Level Access Control
A8-Cross Site Request Forgery
A9-Using Known Vulnerable Components
A10-Unvalidated Redirects and Forwards

Table 1.2: 2013 OWASP Top Ten Security Threats

One reason for the security vulnerabilities is the lack of experience among site development staff; the security problem is not given enough attention, and the most important reason is the lack of comprehensive security testing and evaluation.

Figure 1.1: Typical E-commerce Vulnerabilities

A scientific evaluation of the functions of e-commerce enterprises can effectively help the enterprise find technical vulnerabilities in its management process and eliminate the security risks that the e-commerce platform faces in practical network use, while also effectively serving as a reasonable guide for consumers. Most existing domestic and international e-commerce website evaluations are limited to site stability evaluation, consumer satisfaction surveys, and assessment of opportunities for specific websites, and lack a specific security assessment. This paper focuses on testing e-commerce sites for security vulnerabilities and designs a targeted safety assessment system; from the data obtained by testing, the evaluation modules produce a visualization of quantitative and qualitative site security results, which makes it convenient to propose security measures.

Figure 1.2: E-commerce Transaction with Hacker

Figure 1.3: Identifying the risk

One of the main reasons for such vulnerabilities is the fact that web application developers are often not very well versed in secure programming techniques. As a result, security of the application is not necessarily one of the design goals.
This is exacerbated by the rush to meet deadlines in the fast-moving e-commerce world. Even one day's delay in publishing a brand new feature on your website could allow a competitor to steal a march on you. This is typically found in cases where e-commerce sites need to add functionality rapidly to deal with a sudden change in the business environment or simply to stay ahead of the competition. In such a scenario, the attitude is to get the functionality online; security can always be taken care of later.

Another reason why security vulnerabilities appear is the inherent complexity of most online systems. Nowadays, users are placing very demanding requirements on their e-commerce providers, and this requires complex designs and programming logic.

Cite this page

Security Assessement And Chapter 1Introductione-Commerce. (June 15, 2021). Retrieved from https://www.freeessays.education/security-assessement-and-chapter-1introductione-commerce-essay/