


Table of Contents

SECURITY ISSUES IN E-BUSINESS

Introduction

Discussion

The security risks of component-based software

Designing for security

Defensive programming

Sanitising user input

Using environment variables

Leveraging existing safety features

Wrapping the business application logic

Conclusion

REFERENCES

Security Issues in E-Business

Introduction

As the e-commerce market continues to heat up, most stakeholders in the market are quick to claim that their systems are safe. Encryption protocols such as SSL are promoted as proof of the security of e-commerce merchants. Lost in the hype are the real risks to the security of e-commerce (Survey Report, 2002).

Discussion

Although encrypting data during a transaction provides critical privacy, integrity, and authentication, these attributes are only a small part of the security that e-commerce requires. Businesses involved in e-commerce face a higher risk of attack, heavier losses, and a higher rate of loss incidents than those that simply put up Web pages (Stein, 1998b).

Figure 1. Secure business application logic model for e-commerce systems security.

While the security of the front-end and back-end software of an e-commerce application warrants equal attention, this article focuses on the security of the middle-tier servers that implement the business logic of the application. The end result is a complex software system that, if flawed, could lead to a complete compromise of the security of the site (Sielgel, 1996). Software based on the paradigm also calls for good software development practice (see the “Designing for security” section).

The security risks of component-based software

Although component-based software provides many benefits, it poses dangers, as CGI scripts do. Regardless of the implementation, whether CGI or application servers, the security risks of server software are high, and therefore server software must be carefully designed and implemented using the techniques covered in the following sections (Lawrence and Corbett, 2000).

Designing for security

As with all software, good design and engineering practices are important for software quality. This point is particularly important for the development of security-critical software, such as e-commerce applications. Instead of being treated as an add-on, security must be designed into the system from the earliest stages of data collection through integration testing and deployment requirements. The purpose of designing for security is to break the penetrate-and-patch thinking that pervades today's commercial software security and replace it with a process for finding and fixing errors related to software versions (Labuschagne and Eloff, 2000).

One of the most common, and easily preventable, security risks is software misconfiguration. CGI scripts, too, must be correctly configured for security. A feature supported by many Web servers is the ability for individuals throughout the organization to write CGI scripts and execute them from their own directories. Although useful for personal Web pages, this feature can introduce scripting security risks into the system (Kamthan, 1999).

The CGI scripts directory must be configured correctly using the operating system. It should be available to the system administrator or Web content development groups only, and unavailable to everyone else in the organization. If the script sources fall into the hands of malicious actors, the source code can be checked for defects, even facilitates the ...