E-Commerce Application Security Technology Essentials

by Miriam Kalpar.


In today’s marketplace, across all industry segments, businesses are realizing that transformation to e-business is required to remain competitive. Analysts predict that companies not making the necessary changes will be overrun by their competition. As enterprises around the world undergo transformations, they are increasingly leveraging Internet technologies to help:

  1. Broaden their markets by extending their reach globally.

  2. Enter new business areas through collaborations or expanded services made possible with Web-based interactions.

  3. Increase employee productivity by providing easier access to corporate information and services.

  4. Reduce costs through improved operations that integrate Web access and traditional IT systems.

The e-business transformation is not only changing the competitive landscape, it is changing the very nature of how enterprises view security. Data and transaction security is of paramount importance in this age of rapidly expanding commercial and public computer networks and the emerging Internet economy. For an e-business transformation to be successful, the role that security plays has to become a top priority in every company that makes use of information technology.

In other words, the Internet has forever changed the way business gets done. E-commerce-based applications are enabling interaction among customers, prospects, and partners. Unfortunately, many e-commerce-based applications have inherent vulnerabilities and security-oriented design flaws. Internet-based attacks exploit these weaknesses to compromise sites and gain access to critical systems.

Security awareness for e-commerce-based applications is, therefore, essential to an organization’s overall security posture. The key to a successful program is an integrated, multilayer approach to vulnerability assessment (VA), intrusion detection system (IDS), and event correlation.

This part of the article very briefly highlights emerging threats specific to e-commerce application security and provides guidance on effective approaches to e-commerce application protection. E-commerce applications require a new approach to threat categories. Nevertheless, improved security relative to e-commerce applications can be easily achieved through the effective leverage of existing software solutions.

A Growing Threat

As businesses open their networks to business partners, customers, and their mobile workforce, they are significantly increasing both the value and vulnerability of their online assets. Security incidents are costly, with organizations losing productivity as well as experiencing business interruption, legal exposure, and shareholder liability. Merger and acquisition due diligence and insurability concerns, as well as regulatory requirements, are generating even broader awareness that information protection is a critical need.

Most organizations already have some degree of online security infrastructure—firewalls, intrusion detection systems, operating system hardening procedures, and so on. The problem is that they often overlook the need to secure and verify the integrity of internally developed applications and coded pages against external attacks. In these circumstances, simple manipulation of client code or data, such as altering the price of goods in an online shopping basket application or sending corrupt and incorrect data to the server, can lead to fraudulent transactions or theft of confidential information. An understanding of manipulation techniques combined with rigorous client-side security testing will lead to greater security.
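The shopping-basket case above, as an added example that is not part of the original article: a total computed from the price the browser posted, beside a server-side version that takes prices from its own catalogue, validates the quantity, and records any posted price that disagrees. The catalogue, SKU names, field names and quantity limit are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the server-side source of truth for prices.
CATALOG = {"sku-1001": Decimal("499.00"), "sku-2002": Decimal("19.95")}
MAX_QTY = 100  # assumed per-line quantity limit

def total_trusting_client(items):
    """Vulnerable: multiplies by the price field the browser posted."""
    return sum(Decimal(i["price"]) * int(i["qty"]) for i in items)

def total_server_side(items):
    """Hardened: price comes from CATALOG; a posted price is only compared."""
    total, tampered = Decimal("0"), []
    for i in items:
        sku = i.get("sku")
        if sku not in CATALOG:
            raise ValueError(f"unknown sku: {sku!r}")
        try:
            qty = int(str(i.get("qty")))
        except ValueError:
            raise ValueError(f"quantity is not an integer: {i.get('qty')!r}")
        if not 1 <= qty <= MAX_QTY:
            raise ValueError(f"quantity out of range: {qty}")
        if "price" in i:
            try:
                matches = Decimal(str(i["price"])) == CATALOG[sku]
            except InvalidOperation:
                matches = False  # unparsable price is treated as tampering
            if not matches:
                tampered.append(sku)  # keep for logging and review
        total += CATALOG[sku] * qty
    return total, tampered

# Constructed request body: the first line's price field was edited client-side.
POSTED = [
    {"sku": "sku-1001", "qty": "2", "price": "1.00"},
    {"sku": "sku-2002", "qty": "1", "price": "19.95"},
]

if __name__ == "__main__":
    print("trusting client:", total_trusting_client(POSTED))
    print("server side:    ", total_server_side(POSTED))
```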

Rigorous Client-Side Testing Is Required

Direct attacks against e-commerce applications through manipulation of their inherent vulnerabilities have become commonplace because they are relatively easy to carry out. Rigorous client-side security testing and an understanding of manipulation techniques are essential to identifying the potential failure points of e-commerce applications.

The most prevalent methods of attack on applications include buffer overflow attacks, exploitation of application component privileges, and client-side manipulation. On top of the e-commerce server’s OS, several subcategories of applications exist in which vulnerabilities may be exploited, including the following:

Database: Database application vulnerabilities for Microsoft SQL Server, Oracle, Sybase, and IBM DB2, including bugs, misconfigurations, and default/blank passwords

Web and application server: Vulnerabilities for CGI, Java, Xquery, default files, and other resources called by applications, as well as Web servers (IIS, Apache) and development environments (ColdFusion, etc.)

Web site and application: HTML and XML applications; assessment functions include Web crawling and step-through testing

VA, the starting point for this process, is extremely important for both discovery and identifying vulnerabilities. This process allows an organization to turn off unused services, identify and patch vulnerable software, and make educated decisions about which elements of the overall infrastructure require the most extensive protection measures.

Information gained through VA helps set up significantly more effective IDS implementation and allows the IDS to feed attack and misuse information back into the VA process to ensure that successful penetrations cannot be repeated. This process takes place at the network, server, desktop, and application levels, and can additionally be used to validate that an intrusion protection system is in place and functional.

Finally, it can be extremely difficult for any automated audit and assessment application to know how custom applications will respond to cookie manipulation, form field manipulation, and other e-commerce application threats without carrying out a complete, link-to-link, application-specific assessment. This is a time-consuming, interactive analysis best performed by someone with both security and Web development knowledge—a rarely combined skill set. Organizations may need to dedicate additional staff to fully realize and take advantage of the results promised by such analysis, or to outsource the review to leverage the security and application programming expertise of an organization with the appropriate skills specialization.
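For the cookie manipulation mentioned above, an application-specific check can be written as a regression test, shown here as an added example that is not from the original article: a state cookie carries an HMAC-SHA256 tag, and the test confirms that each altered variant is rejected by the server-side reader. The cookie layout (`value.tag`), the field names and the keys are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def _tag(value: str, key: bytes) -> bytes:
    """URL-safe base64 of HMAC-SHA256 over the cookie value."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def issue_cookie(value: str, key: bytes) -> str:
    """Server side: append the integrity tag to the value."""
    return f"{value}.{_tag(value, key).decode()}"

def read_cookie(cookie: str, key: bytes):
    """Server side: return the value only if its tag verifies, else None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag present at all
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _tag(value, key)):
        return None
    return value

def tamper_results(key: bytes) -> dict:
    """Map each constructed cookie variant to whether the reader accepts it."""
    good = issue_cookie("cart=77;discount=0", key)
    value, _, tag = good.rpartition(".")
    cases = {
        "unmodified": good,
        "edited value, old tag": f"cart=77;discount=90.{tag}",
        "tag stripped": value,
        "tag truncated": good[:-4],
        "signed with other key": issue_cookie(value, b"constructed-other-key"),
    }
    return {name: read_cookie(c, key) is not None for name, c in cases.items()}

if __name__ == "__main__":
    for name, accepted in tamper_results(b"constructed-test-key").items():
        print(f"{name:24} accepted={accepted}")
```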

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.