Directions for Web and E-Commerce Application Security

In: Computers and Technology

Submitted By maheshjagtap
Words 3283
Pages 14
National Institute of Technology, Rourkela
Department of Computer Science and Engineering

Term Paper on
Directions for Web and E-Commerce Applications Security
Supervisor: Prof. P.M. Khilar

Submitted by: Dinesh Shende, Roll No-212CS2102, M.Tech (1st year)

Directions for Web and E-Commerce Applications Security
This paper provides directions for web and e-commerce applications security. In particular, access control policies, workflow security, XML security and federated database security issues pertaining to the web and e-commerce applications are discussed. These security measures must be implemented so that they do not inhibit or dissuade the intended e-commerce operation. This paper will discuss pertinent network and computer security issues and will present some of the threats to e-commerce and customer privacy. These threats originate from both hackers and the e-commerce site itself. Another threat may originate at ostensibly friendly companies such as DoubleClick, MemberWorks and similar firms that collect customer information and route it to other firms. Much of this transaction information can be associated with a specific person, making these seemingly friendly actions potential threats to consumer privacy. Many of the issues and countermeasures discussed here come from experience gained in consulting with clients on how to maintain secure e-commerce facilities. These methods and techniques can be useful in a variety of client and server environments, and also serve to alert e-commerce users to potential threats.

1. Introduction
For the effective operation of the web and e-commerce applications, security is a key issue. The security threats include access control violations, integrity violations, sabotage, fraud, privacy violations, as well as denial of service and infrastructure attacks. All of these threats collectively…...

Similar Documents

E-Commerce in Security Market

... E-COMMERCE IN SECURITY MARKET (Source: Most of the Data & charts from NSE website) A) ABOUT E-COMMERCE World Trade Organisation (WTO) defines E-Commerce as “the production, distribution, marketing, sale or delivery of goods and services by electronic means”. The strategic benefit of making a business ‘e-commerce enabled’, is that it helps reduce the delivery time, labour cost and the cost incurred in the following areas: ➢ Document preparation ➢ Error detection and correction ➢ Reconciliation ➢ Mail preparation ➢ Telephone calling ➢ Data entry ➢ Overtime ➢ Supervision expenses Further, it enables - ➢ Easy reach to a fast growing online community ➢ Unlimited shelf place for products and services ➢ Fuse the global geographical and time zone boundaries ➢ Reach national and global markets at low operating costs The sudden spurt in growth of e-commerce in India is felt due to the following favourable factors: ➢ Rapidly increasing Internet user base ➢ Technology advancements such as VOIP (Voice-over-IP) have bridged the gap between buyers and sellers online ➢ The emergence of blogs as an avenue for information dissemination and two-way communication for online retailers and E-Commerce vendors ➢ Improved fraud prevention technologies that offer a safe and secure business environment and help prevent credit card frauds, identity thefts and phishing ➢ Longer reach - Consumers in the Tier II & Tier III......

Words: 4102 - Pages: 17

Security Issues and Solutions in E-Commerce Applications

...Security Issues and Solutions in Ecommerce Applications The rise in popularity of conducting business online via ecommerce sites has not gone unnoticed by hackers and other cyber-criminals. A rise in the number of transactions and an increase in businesses that have an online presence have provided hackers with increased opportunities to exploit security vulnerabilities in ecommerce applications for personal profit, at the expense of legitimate businesses and users. A successful attack can result in downtime, the theft of user financial and personal information, loss of revenue, and loss of customers. This paper will offer an overview of some common types of security vulnerabilities and attacks on ecommerce platforms as well as some common tactics to prevent such attacks. Additional suggestions for maximizing information security on an application level as well as within an organization will be made with the goal of emphasizing the prevention of attacks. There are numerous tactics that exploiters use to gain access to user personal and financial information on ecommerce sites. One common attack is SQL injection, which is a tactic where a hacker inserts SQL query data into user input fields on a web site, with the goal of that query being executed by the database. With the strategic placement of apostrophes, dashes and semi-colons, the hacker can execute queries that bring a web site down, provide access to customer financial and other personal information, and even......

Words: 2158 - Pages: 9

Web Application Security

...Assignment 7 You may search these terms from the web resource links available under Resources to expand on the terminology and/or usage. If you do so, you must provide the reference to the resource as well as cite in your answer with (author, year, and page or paragraph number(s)). 1. Create a Word document and name it CS680-Assignment_7_FirstName_LastName.doc(x) (with your name substituted for first name and last name). 2. Part I: put questions in the above file with their respective question numbers and answers, for the following: • From the SINN book – Chapter 7, Review Questions 2 to 22 even p. 292 • From the GREMB book -- Chapter 10, Review Questions 2 to 20 even pp. 275-277 3. Part II: visit the following three sites: • • • For each of the three sites find three societies or special interest groups that deal with security, application security, or Web application security. Write a synopsis of what the organization does, and how the society or special interest group can help you become a more successful Web developer when it comes to implementing security into your software design. This question must be answered with at least 60 words each part with proper citations, proper references, and formatting. Combine the answers into the same above file. From the SINN book – Chapter 7, Review Questions 2 to 22 even p. 292 2. _____________ is concerned with what an identity is allowed to......

Words: 2041 - Pages: 9

E-Commerce Though Web Portal of Patton-Fuller

...INFRASTRUCTURE February 13, 2012 La Shanda Perry Week 5 Assignment This paper will go over the e-commerce or e-business services that are available through the current web portal of Patton-Fuller Community Hospital, and compare and contrast the services that other hospital websites make available. Also, this paper will show how a web portal can be expanded to provide outside vendor services like Just in Time pharmaceutical replenishment, inventory updates, and financial services. Finally, how the use of social networking sites like Facebook might expand or benefit the hospital's reputation and community base. Well, the problem is Patton-Fuller Community Hospital doesn’t have any kind of e-commerce/e-business services within the hospital. The only thing that Patton-Fuller Community Hospital is upgrading is their emergency room waiting area. This would be a great opportunity for the hospital because it will show people that the hospital is trying to do their best to take care of their patients with the most updated technology possible. Many hospitals around the world are implementing all kinds of new e-business technology. Some hospitals use e-business tools to automatically place orders with all vendors, eliminating the need for staff members to phone in or input daily orders and create paper based purchase orders and invoices. Here is an example in which more than one hospital can use e-business to save a life. In an article written February 9, 2010 Tina Palomino woke up......

Words: 1501 - Pages: 7


...Introduction of e-commerce Electronic commerce can be defined as sales or purchase of goods and services or any commercial transaction through electronic systems such as internet, telephone and e-mail. There are several forms of e-commerce, including: Business-to-Business (B2B) is the electronic transactions between enterprises for conducting business. Business-to-Consumer (B2C) is the sale of products or services by a business directly to customers, such as Gmarket, Alibaba etc. Consumer-to-consumer (C2C) is the business conducted between consumers. This usually is a form of auction or forum site, such as E-bay. Consumers post what they intend to sell on the webpage, other consumers can access and bid for the item. Customer-to-business (C2B) is a form of business offered by consumer to business in exchange for money. For example, designers sell a design to a multimedia manufacturing company online. One of the major subsets of E-commerce is mobile commerce. It is the sale and purchase of goods or services or the conduct of any business activities through internet connection using handy devices such as mobile phones and tablets. Mobile commerce is getting popular and can be defined as the next generation of e-commerce. Businesses conduct e-commerce to stay competitive. Some of the businesses are successful with the use of e-commerce, such as online shop Amazon and DBS Bank. Amazon provides a massive range of products. They focus on their selection, price and convenience. Customers......

Words: 3739 - Pages: 15

Web Application Security Unit 9 Assignment

...Unit 9 Discussion 1: Business anywhere-Security and the mobile User The need for employees to check their emails and keep in touch with customers is becoming more and more of a frequent need to keep business moving. National Express Packaging’s employees are in need of using end point devices such as mobile phones, tablets, laptops and USB devices to access company information. There have been various requests upon this subject per department and it is necessary to provide specific end point devices to the various departments only depending on what they need. The sales team only needs to check email and their work contacts frequently. A mobile device such as a cell phone can be used in this case for this department. The sales employees will be able to check their email at any time providing they have an encrypted connection to go along with their email. This device can be provided by the company or they can use their own device but a policy must be in place if the personal mobile device will be used. The Service team needs to be able to check online for packaging rates and be able to chat with users. In this department, it is best to use a tablet in the case that the tablet will have internet access and will use a specific application to be able to chat with customers. For the IT department, users should have the ability to use a laptop as they will be doing more rigorous activities. The laptop must be secured and hardened to prevent remote attacks. In order to connect to to...

Words: 493 - Pages: 2


... Electronic Commerce: Electronic commerce is the buying and selling of goods and services on the Internet, especially the World Wide Web. Etsy/Pinterest: Online websites for buying and selling products and ideas. Executive summary The main objective of this report is to identify and analyse the benefits and problems associated with using E-commerce. The case study involves the client, Miss Amanda Jane Walter, whose horse riding apparel business is threatened as many customers search and buy the products online compared to Amanda Jane who only sells the items directly to their customer. This report explains how E-commerce can be incorporated to help the company, Amanda Jane Horse Wear, to improve its business operations and improve on its advertising to reach a greater target audience within the horse-riding community. Some benefits identified include increased business efficiency, reduced operations cost, providing additional convenience to customers and expanding the company’s current customer base. On the other hand, the report will highlight the challenges that the business might face in the technological and managerial aspects; such as security issues, the cost involved in installing accompanying...

Words: 2826 - Pages: 12


...Influencing the online consumer’s behavior: the Web experience Efthymios Constantinides The author Efthymios Constantinides is an Assistant Professor at the University of Twente, Faculty of Business, Public Administration and Technology, Department of Marketing, Strategy and Entrepreneurship, Enschede, The Netherlands. Keywords Internet marketing, Worldwide web, Online operation, Consumer behaviour, Buying behaviour The consumers’ buying behavior has always been a popular marketing topic, extensively studied and debated over the last decades while no contemporary marketing textbook is complete without a chapter dedicated to this subject. The predominant approach, explaining the fundamentals of consumer behavior, describes the consumer buying process as a learning, information-processing and decision-making activity divided in several consequent steps: (1) Problem identification. (2) Information search. (3) Alternatives evaluation. (4) Purchasing decision. (5) Post-purchase behavior (Bettman, 1979; Dibb et al., 2001; Jobber, 2001; Boyd et al., 2002; Kotler, 2003; Brassington and Pettitt, 2003). A distinction is frequently made between high and low involvement purchasing, implying that in practice the actual buying activity can be less or more consistent with this model, depending on the buyer’s perceived purchasing risks. High or low degree of involvement is also a question of buyer experience; products purchased for the first time, in general, require more involvement......

Words: 10668 - Pages: 43


...E-Commerce A Brief Examination of a Popular Electronic Information Technology The purpose of this assignment is to “demonstrate an understanding of information systems, define and display how information technology may be used strategically in organizations.” The following discussion specifically focuses on the electronic business of E-Commerce and identifies how this industry uses information technology to compete, provide goods/services and offer innovative trends within the consumer market place. Characterizing Commerce Commerce is generally defined as “a division of trade or production which deals with the exchange of good and services from a producer to the consumer.” It also encompasses the “trading of information and funds or other entities” that maintain economic value. Characterizing E-Commerce E-Commerce is commonly referred to as “electronic marketing.” It consists of buying, selling or the exchange of goods and services over an electronic medium such as the internet or other computer based networks where a transaction or “terms of sale” are performed electronically. E-Commerce Popularity Since the advent of the internet and the potential uses information technology brought to the business environment, nearly all main stream commerce related industries discovered an opportunity to establish a presence in the electronic marketing environment due to the low entry cost and reductions in transaction expenses that provided......

Words: 1725 - Pages: 7

Web Application Security

...Web Server Application Attacks Brooks Gunn Professor Nyeanchi CIS 502 July 10, 2013 Web Server Application Attacks Many organizations have begun to use web applications instead of client/server or distributed applications. These applications have provided organizations with better network performance, lower cost of ownership, thinner clients, and a way for any user to access the application. Web applications significantly reduce the number of software programs that must be installed and maintained in end user workstations (Gregory 2010). Web applications are becoming a primary target for cyber criminals and hackers. They have become major targets because of the enormous amounts of data being shared through these applications and they are so often used to manage valuable information. Some criminals simply want to vandalize and cause harm to operations. There are several different types of web application attacks. Directory traversal, buffer overflows, and SQL injections are three of the more common attacks. One of the most common attacks on web based applications is directory traversal. This attack’s main purpose is to have an application access a computer file that is not intended to be accessible. It is a form of HTTP exploit in which the hacker will use the software on a Web server to access data in a directory other than the server’s root directory. The hacker could possibly execute......

Words: 1620 - Pages: 7

E Commerce

...LIMITATIONS OF E-COMMERCE Technical Limitations • Lack of sufficient system's security, reliability, standards, and communication protocols. • Insufficient telecommunication bandwidth. • The software development tools are still evolving and changing rapidly. • Difficulties in integrating the Internet and electronic commerce software with some existing applications and databases. • The need for special Web servers and other infrastructures, in addition to the network servers (additional cost). • Possible problems of interoperability, meaning that some E-commerce software does not fit with some hardware, or is incompatible with some operating systems or other components. Non-Technical Limitations • Cost and justification (35% of the respondents) The cost of developing an EC in house can be very high, and mistakes due to lack of experience, may result in delays. There are many opportunities for outsourcing, but where and how to do it is not a simple issue. Furthermore, to justify the system one needs to deal with some intangible benefits which are difficult to quantify. • Security and Privacy (17% of the respondents) These issues are especially important in the B2C area, and security concerns are not truly so serious from a technical standpoint. Privacy measures are constantly improving too. Yet, the customers perceive these issues as very important and therefore the E-commerce industry has a very long and difficult task of convincing customers that online......

Words: 389 - Pages: 2

Security for Web Applications

...RECENT CYBER ATTACKS SANDEEP VEMULAPALLI 12917417 IA-606 ST.CLOUD STATE UNIVERSITY SEP4, 2015 Cyber Attack: The attempt of breaching the security layers of an organization or a system by disrupting the network and thereby accessing, stealing, modifying or destroying the valuable data and using the data for fraudulent purposes, causing a loss to the organization, is called a Cyber Attack. Origin: The idea of cyber attacks began at the earlier development of World Wide Web (www). In this stage there was not much harm to the organization, but as there was advancement in technology the number of hackers increased day by day and the effectiveness of the hacking technology has also increased a lot, which results in severe damage to the organization. In more recent times many organizations like manufacturing companies, IT companies, banks and health care providers have been prone to cyber theft and they lost huge volumes of information, which incurred huge losses to the companies. Some of the examples include the attack on Target, Primera Blue Cross, E-Bay, JP Morgan Chase bank, Sony PSN and many others. These attacks have happened because of poor security measures and the loopholes in the system by which hackers gained access and made the companies compromise a huge volume of information. Cyber Attack on Primera Blue Cross: Primera blue cross is one of the leading insurance companies in Washington. It has undergone a cyber attack on May 5th and the......

Words: 1000 - Pages: 4


...I. E - COMMERCE Electronic commerce, commonly known as e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. The amount of trade conducted electronically has grown dramatically since the spread of the Internet. A wide variety of commerce is conducted in this way, spurring and drawing on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail as well. A small percentage of electronic commerce is conducted entirely electronically for "virtual" items such as access to premium content on a website, but most electronic commerce involves the transportation of physical items in some way. Online retailers are sometimes known as e-tailers and online retail is known as e-tail. E-commerce or electronic commerce is generally considered to be the sales aspect of e-business. If we want to define the term e-commerce we can choose between various definitions. According to the WTO it is “production, distribution, marketing, selling and expedition of goods and services by using of electronical measures.” According to the Commission that......

Words: 8063 - Pages: 33


...E-Commerce Management (Lecturer: Mr Damien Yam) Individual Assignment Assignment Question: Explain how the use of Information Communication Technology (ICT) and E-Commerce has produced competitive advantage to Hospitality Industry Done by: Jane Lim Chiew Ping Submitted on: 19th November 2009 Table of Contents: 1.0 Introduction; 2.0 E-Commerce Applications for Hospitality Organizations; 3. Lodging; 4.0 Food Industry; 5.0 Meetings and Events; 6. Entertainment/Recreation; 7. Airlines; 8. Travel Agents; 9. Cruise Lines; 10. Conclusion; 11. References. Introduction When most people think about hospitality industry, they have visions of hotels, airlines, cruise ships, restaurants, health spas, and the like, based on their personal experiences. All aspects of the industry are involved in business processes at the operations level. Business processes consist of transactions and interactions with guests or customers, employees and even other businesses. A transaction is an activity such as checking in to a hotel or placing an order in a restaurant. Interactions include the relationships......

Words: 3132 - Pages: 13


...considerable time after the so called ‘Internet revolution’, electronic commerce, commonly known as e-commerce or eCommerce, remains a relatively new, emerging and constantly changing area of business management and information technology. There has been and continues to be, much publicity and discussion about e-commerce. According to the editor-in-chief of the International Journal of Electronic Commerce, Vladimir Zwass, ‘Electronic commerce is sharing business information, maintaining business relationships and conducting business transactions by means of telecommunications networks’ (Zwass, 1996). However, the term may refer to more than just buying and selling products online. It also includes the entire online process of developing, marketing, selling, delivering, servicing and paying for products and services. The amount of trade conducted electronically has grown extraordinarily with widespread Internet usage and is predicted to continue at this rate, or even accelerate. Electronic commerce covers a range of different types of businesses, from consumer based retail sites, through auction or music sites to business exchanges trading goods and services between corporations (Beyon-Davies, 2009). It is currently one of the most important aspects of the Internet to emerge (Curtis and Cobham, 2005). Although "conventional" commerce is still used by many companies, there is a growing trend to use electronic commerce, as more and more businesses move sections of their......

Words: 2589 - Pages: 11
