Survey on Security Assessement for E Commerce Website
Essay by SUSHMA_M_S • May 11, 2017 • Case Study • 5,778 Words (24 Pages) • 1,038 Views
CHAPTER 1
INTRODUCTION
E-commerce is a transaction of buying or selling online. Electronic commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web for at least one part of the transaction's life cycle although it may also use other technologies such as e-mail.
Contemporary electronic commerce involves everything from ordering "digital" content for immediate online consumption, to ordering conventional goods and services, to "meta" services to facilitate other types of electronic commerce.
E-commerce website is the main carrier of enterprise and consumer interaction and complete online transactions, it is important to evaluate the performance of enterprise e-commerce system. According to China Internet Network Information Center 2010 online shopping market size was over 430 billion yen compared with 2009 that is a substantial growth.
With the popularity and rapid development of Internet, e-commerce has become increasingly integrated into our lives, provides us with the convenience of life, people are becoming increasingly dependent on these services. But in such an open architecture Internet, coupled with the impact of other factors, the e-commerce sites face attack and destruction events which emerge in an endless stream, which great deal of trouble and security risks to our economic activities. With the rapid development of e-commerce sites, the presence of security vulnerabilities in this site is gradually exposed. Vulnerability refers to the existence of a system's weaknesses or flaws, it is exploited by the attack which could cause the software to enter an unsafe state. According to Symantec released the "Symantec Internet security threat report", more than 60% of software security vulnerabilities is about web application, these vulnerabilities could lead web applications subjected to various attacks, such as denial of service attacks, SQL injection, steal user information.
OWASP (open web application security project) of the ten most important web application threat report showing injection attacks and cross site scripting attacks are most
serious shown in Table.1.1 and Table.1.2.
OWASP Top 10-2010 |
A1-Injection |
A2- Cross Site Scripting |
A3- Broken Authentication and Session Management |
A4-Insecure Direct Object References |
A5-Cross Site Request Forgery |
A6-Security Misconfiguration |
A7-Insecure Cryptographic Storage |
A8-Failure to Restrict URL Access |
A9-Insufficient Transport Layer Protection |
A10-Unvalidated Redirects and Forwards |
Table 1.1: 2010 Owasp Ten News Security Threats
OWASP Top 10-2013 |
A1-Injection |
A2- Broken Authentication and Session Management |
A3- Cross Site Scripting |
A4-Insecure Direct Object References |
A5- Security Misconfiguration |
A6- Sensitive Data Exposure |
A7-Missing Function Level Access Control |
A8-Cross Site Request Forgery |
A9-Using Known Vulnerable Components |
A10-Unvalidated Redirects and Forwards |
Table 1.2: 2013 Owasp Ten News Security Threats
One reason for the security vulnerabilities is due to the lack of experience in the site development staff, the security problem is not enough attention to, the most important[pic 4][pic 5]
is the lack of a comprehensive security testing and evaluation.
Figure 1.1: Typical E-commerce Vulnerabilities
Function of electronic commerce enterprises, scientific evaluation, can effectively help the enterprise to find the technical vulnerability management process, eliminate network of e-commerce platform in the practical application of security risks, effectively at the same time the consumer reasonable consumer guide. Most existing domestic and international ecommerce Web site evaluation limited to site stability evaluation, assessment Consumer Satisfaction Survey and opportunities specific website, lack of a specific security assessment. This paper focuses on the security of e-commerce sites to be tested for security vulnerabilities, and design a targeted safety assessment system, the data obtained by testing, evaluation modules come through a Site Security visualization of quantitative and qualitative results, and convenient for security measures proposed.
Figure 1.2: E-commerce Transaction with Hacker[pic 6][pic 7][pic 8][pic 9]
Figure 1.3: Identifying the risk
One of the main reasons for such vulnerabilities is the fact that web application developers are often not very well versed with secure programming techniques. As a result, security of the application is not necessarily one of the design goals. This is exacerbated by the rush to meet deadlines in the fast-moving e-commerce world. Even one day's delay in publishing a brand new feature on your website could allow a competitor to steal a march over you. Typically found this in cases where e-commerce sites need to add functionality rapidly to deal with a sudden change in the business environment or simply to stay ahead of the competition. In such a scenario, the attitude is to get the functionality online; security can always be taken care of later. Another reason why security vulnerabilities appear is because of the inherent complexity in most online systems. Nowadays, users are placing very demanding requirements on their e-commerce providers, and this requires complex designs and programming logic.
...
...