Corpus ID: 17368615

Designing a Secure Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

  • Faisal Nabi
  • Published 2011
  • Computer Science
  • Int. J. Netw. Secur.
Currently, e-commerce system security focuses on mechanisms such as secure transactional protocols, cryptographic schemes and parameter sanitization, and it is assumed that putting these in place will guarantee a secure e-commerce application. However, vulnerabilities in the business application logic itself are often ignored, and these can render the effect of those security mechanisms null and void. Essentially, the weakest link can be at the server rather than the client, and ignoring this is done at a…
Evaluating & engineering: an approach for the development of secure web applications
This thesis uses SecEval's Security Context model as the basis for a novel Secure Web Applications' Ontology (SecWAO), which serves as a knowledge map and extends the UML-based Web Engineering modeling approach with means to model security aspects of web applications.
A Security Review of Event-Based Application Function and Service Component Architecture
The paper achieves this target by analysing and reviewing the security issues and modelling techniques in service component application functionality, where application components produce, consume and process events.
Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory
A model that integrates fault tree analysis, decision theory and fuzzy theory to determine the vulnerability of a given cybersecurity system is applied, and it demonstrates the increased vulnerability of e-commerce to cybersecurity attacks relative to websites or ERP systems.
Secure business application logic for e-commerce systems
This research focuses on the security of the middle tier of an e-commerce server that implements the business application logic: good design and engineering, secure configuration, defensive programming and secure wrappers for server-side software.
AJAX: The security risks of AJAX/web 2.0 applications
AJAX (asynchronous JavaScript and XML) is a programming mechanism that has enabled developers to deliver a better experience to web users, but just as basic JavaScript validation mechanisms did before it, AJAX-based applications may be subject to abuse by intruders who can launch attacks designed to bypass login scripts, for example.
Security & Privacy for E-Business
From the Publisher: An in-depth look at the pressing issues involved in protecting an e-business from external threats while safeguarding customer privacy. With billions of dollars at stake in…
A Novel Digital Envelope Approach for A Secure E-Commerce Channel
The result illustrates that HECC is a better alternative asymmetric key technique than ECC and RSA in the digital envelope hybrid cryptosystem.
Towards secure SOAP message exchange in a SOA
The integrity feature of a SOAP Account is discussed within the more general context of the current state of the art in web service security.
E-Commerce Security: Weak Links, Best Defenses
Dangers in a Changing Paradigm of Business. Deadly Content: The Client-Side Vulnerabilities. Securing the Data Transaction. Securing the Commerce Server. Cracks in the Foundation. Securing the Future.
A Vulnerability Taxonomy Methodology applied to the Web Services
A methodology for taxonomizing vulnerabilities based on the likelihood that they will be present in a certain system is presented, thereby providing a tool to focus efforts in securing Web Services.
XML signature element wrapping attacks and countermeasures
The general vulnerability and several related exploits are described, appropriate countermeasures are proposed, and the guidance necessary to prevent these attacks is provided.
Secure Internet Applications Based on Mobile Agents
An Enhanced Role-Based Access Control model (ERBAC) and an architecture for the ERBAC model are proposed, which will be a suitable approach to achieve both security interoperation and privacy protection in the Internet environment.
Pattern-Oriented Software Architecture, Patterns for Concurrent and Networked Objects
The patterns catalogued in this second volume of Pattern-Oriented Software Architecture (POSA) form the basis of a pattern language that addresses issues associated with concurrency and networking.