Study on the Application Layer Security in e-Commerce Websites

Date Added: Jul 2009
Format: PDF

Most studies of e-commerce security focus on data confidentiality. Although security mechanisms such as SSL (Secure Sockets Layer) and SET (Secure Electronic Transaction) have been adopted by websites, catastrophic incidents in which confidential e-commerce data was revealed have occurred more than once. The essential reason is that potential security vulnerabilities exist in the e-commerce applications themselves. These vulnerabilities originate mainly from the lack of reliable input validation that would protect the e-commerce application from attacks. SQL Injection, Cross-site Scripting (XSS) and the Price Changing Attack are the main known security threats to e-commerce applications.