Abstract

This research paper addresses a taxonomy of application logic attacks that arise from unclear and incorrect implementation in component-based applications. It covers the detection and classification of two separate types of vulnerabilities in component-based applications. The paper pursues this aim by organising the classification of each attack; it then proposes a classification of logical vulnerabilities and discusses the two distinct forms of weakness and coding faults in the application software found in the mid-level of the framework. The most important argument is to desegregate awareness of attack patterns with boundary profile status relevant to an application logic vulnerability and possible threats. Having reviewed two different types of attack taxonomies, a taxonomy based on logical vulnerability classification is proposed.

Highlights

  • The growth of emerging technologies and the shift from 'conditional' applications to Internet-based platforms have stimulated the implementation of advanced mechanisms for managing asynchronous events in web browsers and the advent of many frameworks for rapid prototyping of server-side components

  • We reviewed 25 taxonomies from 1974 to 2017 and analysed different levels of vulnerabilities, property taxonomies, web application vulnerabilities, network vulnerability taxonomy and software vulnerability taxonomy of e-commerce threat classifications before restricting the main scope of this study to address the logical problems of the web software application due to mismatch between design and architecture

  • Web applications and systems for e-commerce and those elements that form the basis of our methodology are strongly linked to a set of traditional computer security principles, the "five pillars." We developed a Security Vulnerability Evaluation Model focused on "Five Pillar" Computer Security Elements for component-based e-Commerce software applications and systems

Summary

Introduction

The growth of emerging technologies and the shift from 'conditional' applications to Internet-based platforms (e.g., mail readers) have stimulated the implementation of advanced mechanisms for managing asynchronous events in web browsers and the advent of many frameworks for rapid prototyping of server-side components. This is achieved by organizing the critical classifications that suggest the classification of logical vulnerabilities centred on design faults versus technological faults, focused on web application deficiencies and defects at the implementation level, from a security evaluation perspective of component-based software applications. Since most researchers (Nabi and Nabi, 2017) did not find any information on the design vulnerabilities in real time, they could not provide any information on this vulnerability and its attack classifications.

Research Methodology
A Taxonomy of Security Faults
Findings
Conclusion