Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

Article


Nabi, Faisal. 2011. "Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems." International Journal of Network Security. 12 (1), pp. 29-41.
Article Title: Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems
ERA Journal ID: 212961
Article Category: Article
Authors: Nabi, Faisal
Journal Title: International Journal of Network Security
Journal Citation: 12 (1), pp. 29-41
Number of Pages: 13
Year: 2011
Publisher: Jalaxy Technology Co. Ltd.
Place of Publication: China
ISSN: 1816-353X, 1816-3548
Abstract

Currently, e-commerce system security focuses on mechanisms such as secure transactional protocols, cryptographic schemes and parameter sanitization, and it is assumed that putting these in place will guarantee a secure e-Commerce application. However, vulnerabilities in the business application logic itself are often ignored, and these can make the effect of these security mechanisms null and void. Essentially, the weakest link can be at the server rather than the client, and ignoring this is done at a developer's peril. This paper focuses on this weakest link in e-commerce systems. In particular, it considers component-based middleware platforms where vulnerabilities may exist in the middleware itself or the components used to construct the e-Commerce application. We outline logic attacks that would not be prevented by the deployment of the mechanisms commonly used in e-Commerce systems. To counter this problem, we present a secure framework method based on existing techniques that treats security as a first-class concept and considers its interaction with business logic.

Keywords: CBS; Design flaws; e-commerce system; Integrity; Logical attacks; Logical flaws; Software flaws

Byline Affiliations: Hazraat Baba Bullah Shah Research Center, Pakistan
Library Services
Permalink: https://research.usq.edu.au/item/wz7vx/designing-a-framework-method-for-secure-business-application-logic-integrity-in-e-commerce-systems


Related outputs

Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Farhan, Muhammad and Mahmood, Umar. 2021. "Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems." Journal of Information Security. 12 (3), pp. 189-211. https://doi.org/10.4236/jis.2021.123010
Security aspects in modern service component‑oriented application logic for social e‑commerce systems
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Security aspects in modern service component‑oriented application logic for social e‑commerce systems." Social Network Analysis and Mining. 11 (1). https://doi.org/10.1007/s13278-020-00717-9
Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Farhan, Muhammad and Naseem, Nauman. 2021. "Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems." Journal of Computer Science. 17 (11), pp. 1046-1057. https://doi.org/10.3844/JCSSP.2021.1046.1058
Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications
Nabi, Faisal. 2021. Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications. PhD by Publication Doctor of Philosophy. University of Southern Queensland. https://doi.org/10.26192/q7q82
Concepts of Safety Critical Systems Unification Approach & Security Assurance Process
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Mahmood, Umar and Iqbal, Usman. 2020. "Concepts of Safety Critical Systems Unification Approach & Security Assurance Process." Journal of Information Security. 11 (4), pp. 292-303. https://doi.org/10.4236/jis.2020.114018
Classification of logical vulnerability based on group attack method
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Classification of logical vulnerability based on group attack method." Journal of Ubiquitous Systems and Pervasive Networks. 14 (1), pp. 19-26. https://doi.org/10.5383/JUSPN.14.01.004
A security review of event-based application function and service component architecture
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A security review of event-based application function and service component architecture." International Journal of Systems and Software Security and Protection. 11 (2), pp. 58-70. https://doi.org/10.4018/IJSSSP.2020070104
Classification of Logical Vulnerability Based on Group Attacking Method
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "Classification of Logical Vulnerability Based on Group Attacking Method." 11th International Conference on Ambient Systems, Networks and Technologies (ANT 2020). Warsaw Poland 06 - 09 Apr 2020 Netherlands. https://doi.org/10.1016/j.procs.2020.03.109
Proposing a secure component-based-application logic and system’s integration testing approach
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2019. "Proposing a secure component-based-application logic and system’s integration testing approach." International Journal of Information and Electronics Engineering. 11 (1), pp. 25-39. https://doi.org/10.6636/IJEIE.20190911(1).04
A novel approach for component based application logic event attack modeling
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A novel approach for component based application logic event attack modeling." International Journal of Network Security. 22 (3), pp. 437-443.
Virtual Invisible Disk Design for Information System Security
Nabi, Faisal. 2009. "Virtual Invisible Disk Design for Information System Security." International Journal of Network Security. 8 (2), pp. 131-138.
Secure business application logic for e-commerce systems
Nabi, Faisal. 2005. "Secure business application logic for e-commerce systems." Computers and Security. 24 (3), pp. 208-217. https://doi.org/10.1016/j.cose.2004.08.008