Abstract
Modern e-commerce systems tend to concentrate on security mechanisms such as secure transaction protocols, cryptographic schemes and parameter sanitization, on the assumption that putting these in place guarantees a secure e-commerce application. However, vulnerabilities in the business application logic itself are often ignored, and they can render these security mechanisms null and void. The weakest link can lie at the server rather than the client, in the business logic and in insecure server-side business components; ignoring their security is a further risk that developers take at their peril. This paper focuses on that weakest link, the subversion of a component's logic, in e-commerce systems. We outline a logical attack (a subversion attack, of the Design Flaw class) that would not be prevented by the mechanisms commonly deployed in e-commerce systems. To investigate this problem further, we propose a security assurance methodology for service-component-oriented applications. It is practised through threat modeling and a component fault detection model, followed by modeling of the component and its application with a Unified Modeling Language secure-design approach, together with a verification and validation technique (a model for security-by-design testing) for design flaw detection, so that business logic problems in component-based e-commerce applications can be avoided starting from the existing application logic.
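The following is an added illustration, not code from the paper and not the paper's attack. It shows the kind of logic subversion the abstract describes: a checkout component whose inputs all pass parameter sanitization (every field is a well-formed integer) yet whose business logic is subverted because it trusts client-supplied prices and quantities. The catalog, the request shape, the specific flaw and the hardened counterpart with its invariant check are assumptions constructed for this example.

```python
"""Illustrative business-logic flaw in an e-commerce checkout component.

Added example, not code from the paper. The catalog, the request shape and
the attack values are constructed for illustration; the specific flaw
(trusting client-supplied prices and quantities) is assumed here and is not
taken from the paper.
"""
from dataclasses import dataclass

# Constructed server-side catalog: SKU -> unit price in cents.
CATALOG = {"SKU-100": 4999, "SKU-200": 1500}


@dataclass(frozen=True)
class Order:
    total_cents: int
    lines: tuple


def _sanitize(request: dict) -> dict:
    """Parameter sanitization: type and format checks only.

    Every field in the tampered request below passes these checks, which is
    why sanitization alone does not stop logic subversion.
    """
    clean = []
    for line in request["lines"]:
        clean.append({
            "sku": str(line["sku"]),
            "qty": int(line["qty"]),
            "unit_price": int(line["unit_price"]),
        })
    return {"lines": clean}


def checkout_vulnerable(request: dict) -> Order:
    """Trusts the client-supplied unit price and quantity (the design flaw)."""
    req = _sanitize(request)
    total = 0
    lines = []
    for line in req["lines"]:
        if line["sku"] not in CATALOG:
            raise ValueError("unknown sku")
        total += line["unit_price"] * line["qty"]
        lines.append((line["sku"], line["qty"]))
    return Order(total, tuple(lines))


def assert_invariants(order: Order) -> None:
    """Security-by-design check: the order must be reconstructible from the catalog."""
    expected = sum(CATALOG[sku] * qty for sku, qty in order.lines)
    if order.total_cents != expected or order.total_cents <= 0:
        raise ValueError("order violates pricing invariant")


def checkout_hardened(request: dict) -> Order:
    """Re-derives every price server-side and enforces business invariants."""
    req = _sanitize(request)
    total = 0
    lines = []
    for line in req["lines"]:
        sku = line["sku"]
        if sku not in CATALOG:
            raise ValueError("unknown sku")
        qty = line["qty"]
        if qty <= 0:  # a negative quantity would turn a charge into a credit
            raise ValueError("quantity must be positive")
        # The client-supplied unit_price is ignored; price comes from the catalog.
        total += CATALOG[sku] * qty
        lines.append((sku, qty))
    order = Order(total, tuple(lines))
    assert_invariants(order)
    return order


# Constructed attacker request: well-formed values, subverted logic.
TAMPERED_REQUEST = {
    "lines": [
        {"sku": "SKU-100", "qty": 1, "unit_price": 1},      # price rewritten client-side
        {"sku": "SKU-200", "qty": -3, "unit_price": 1500},  # negative quantity = refund
    ]
}

# Constructed honest request for comparison.
HONEST_REQUEST = {"lines": [{"sku": "SKU-100", "qty": 2, "unit_price": 4999}]}


def demo() -> dict:
    """Returns what each implementation does with the tampered request."""
    vulnerable = checkout_vulnerable(TAMPERED_REQUEST).total_cents
    try:
        checkout_hardened(TAMPERED_REQUEST)
        hardened = "accepted"
    except ValueError as exc:
        hardened = f"rejected: {exc}"
    return {"vulnerable_total": vulnerable, "hardened": hardened}


if __name__ == "__main__":
    print(demo())
```

The vulnerable component computes a negative total of -4499 cents for the tampered request, turning a purchase into a payout, even though no input failed sanitization and any transport-layer cryptography would have protected the tampered values faithfully. The hardened component rejects the request, and `assert_invariants` is the kind of verification check that can be written against the design before deployment rather than discovered after a loss.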