Survey on Security Assessment for E-Commerce Website
Author: goude2017 • February 15, 2018 • 5,221 Words (21 Pages) • 601 Views
...
However, in the case of e-commerce systems, the vulnerabilities acquire a graver dimension due to the financial nature of transactions. What is at stake is not only a direct loss of revenues, but companies may face a serious loss to their reputations as well. In some cases, they may be faced with legal penalties for violating customer privacy or trust, as in the case of Guess.com and PetCo.com. It is of paramount importance for designers and developers of web applications to consider security as a primary design goal and to follow secure coding guidelines in order to provide the highest possible degree of assurance to their customers.
In a number of cases, e-commerce sites tout their 128-bit SSL certificates as proof that their sites are well secured. Customers have become less inclined to believe this over the past few years, but even now there are thousands of web sites displaying Verisign or Thawte certificate icons as proof of their security.
This report is organized as follows. Chapter 2 summarizes the abstracts of the references related to this paper. Chapter 3 describes the design and implementation of the system. Chapter 4 shows the results of the system. Chapter 5 gives the conclusion.
---------------------------------------------------------------
CHAPTER 2
---------------------------------------------------------------
LITERATURE SURVEY
In 2009, Design and Implementation of e-commerce measurement system [1] by Deng Yu Liang used factor analysis to reveal the implementation efficiency of tour e-commerce. Through quality measurement system design for tour e-commerce websites, pretest and pilot test, single-dimension scale test, reliability analysis and validity testing, factor analysis can effectively reveal the correlation between web site design elements, web site content elements, web site feature elements and web site effect elements. For illustration, 260 copies were collected and the effective questionnaire return ratio is 100%, which satisfies the requirement that the questionnaire return ratio is not lower than 20% in the data investigation. The empirical results show that the effectiveness of the sample composition is strong: the factor loading of each indicator on its corresponding factor is greater than the critical value of 0.5. The minimum value of Cronbach's α is 0.7023, so the sample reliability is high. The empirical research revealed that tour sites are generally built without a clear tour theme and so have not been able to effectively reflect the main development direction of tour enterprises.
In 2010, The ten most critical Web application security risks [2] by OWASP noted that today almost all organizations have improved their performance by allowing more information exchange within their organization, as well as with their distributors, suppliers, and customers, using web support. Databases are central to modern websites: they provide the necessary data and store critical information such as user credentials, financial and payment information, and company statistics. These websites have been continuously targeted by highly motivated malicious users seeking monetary gain. Structured Query Language (SQL) injection and Cross Site Scripting (XSS) are perhaps among the most common application-layer attack techniques used by attackers to deface a website or to manipulate or delete its content by inputting unwanted command strings. Structured Query Language Injection Attacks (SQLIA) are ranked 1st in the Open Web Application Security Project (OWASP) [1] top 10 vulnerability list and have resulted in massive attacks on a number of websites in the past few years. The work gives a detailed review of the various types of Structured Query Language Injection attacks, Cross Site Scripting attacks, vulnerabilities, and prevention techniques. Besides presenting the findings from the survey, it also proposes future expectations and possible development of countermeasures against Structured Query Language Injection attacks.
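As an added illustration of the two attack classes and the standard countermeasures named in this summary (this is not code from the surveyed papers or from this report), the sketch below contrasts a string-built query with a parameterized one and shows output encoding against XSS. The table, function names and inputs are constructed for the example.

```python
import html
import sqlite3

# Constructed sample data: a tiny order table of the kind the survey says
# e-commerce sites keep (customer identity plus payment details).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, item TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("alice", "laptop", "4242"), ("bob", "phone", "1881")],
    )
    return db

def orders_vulnerable(db, customer):
    # Weak form: the input is pasted into the SQL text, so quote characters
    # in it change the structure of the statement.
    sql = ("SELECT customer, item, card_last4 FROM orders "
           "WHERE customer = '%s'" % customer)
    return db.execute(sql).fetchall()

def orders_parameterized(db, customer):
    # Hardened form: the driver binds the value, so it is only ever compared
    # as data and cannot add clauses to the query.
    sql = "SELECT customer, item, card_last4 FROM orders WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()

def render_review(author, text):
    # XSS countermeasure: encode user-supplied text for the HTML context
    # before it is written into the page.
    return "<p><b>%s</b>: %s</p>" % (html.escape(author), html.escape(text))

if __name__ == "__main__":
    db = make_db()
    crafted = "alice' OR '1'='1"              # constructed test input
    print(orders_vulnerable(db, crafted))     # rows of every customer
    print(orders_parameterized(db, crafted))  # no rows
    print(render_review("bob", "<script>alert(1)</script>"))
```

The same crafted string returns every customer's row through the string-built query and nothing through the bound one, which is why parameter binding, not input blacklisting, is the primary SQL injection countermeasure.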
In 2010, Optimal speed control of mobile node for data collection in sensor networks [3] by Gupta RV considered the data mule, a mobile device that collects data in a sensor field by physically visiting the nodes in a sensor network. The data mule collects data when it is in the proximity of a sensor node. This can be an alternative to multihop forwarding of data when node mobility can be utilized in a sensor network. To be useful, a data mule approach needs to minimize data delivery latency. The problem of minimizing the latency in the data mule approach is first formulated. The data mule scheduling (DMS) problem is a scheduling problem that has both location and time constraints. Then, for the 1D case of the DMS problem, an efficient heuristic algorithm is designed that incorporates constraints on the data mule motion dynamics. Lower bounds on solutions are provided to evaluate the quality of the heuristic solutions. Numerical experiments show that the heuristic algorithm runs fast and yields good solutions that are within 10 percent of the optimal solutions.
In 2013, New requirements of modern e-commerce on computer security technology [4] by Yang Ting observed that the Web today has become the most used and popular platform for application development. In the beginnings of the Web, applications gave users just the ability to browse and read content. The expansion and adoption of new web technologies has led to a significant increase in the development and, more importantly, the usage of web applications that allow users to create their own content and that impact their lives (e.g. e-banking, e-commerce, social networks). Web 2.0 applications introduced new possibilities for both users and application developers, but also created new security concerns. Almost every Internet user uses a web browser to access content on the Internet. Each web application is designed and developed to be executed inside the web browser. The web browser mediates between users and applications. In such an architecture, malicious applications could be loaded and executed inside the web browser, making it a vulnerable point in preserving security. Modern web applications demand a new web browser architecture design that meets the new security requirements that have arisen with Web 2.0. The paper studies web browser vulnerabilities, analyzes the architecture of popular web browsers, and presents how they cope with potential security threats.
...