Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

Article

Nabi, Faisal. 2011. "Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems." International Journal of Network Security. 12 (1), pp. 29-41.

Article Title	Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems
ERA Journal ID	212961
Article Category	Article
Authors	Nabi, Faisal
Journal Title	International Journal of Network Security
Journal Citation	12 (1), pp. 29-41
Number of Pages	13
Year	2011
Publisher	Jalaxy Technology Co. Ltd.
Place of Publication	China
ISSN	1816-353X
	1816-3548
Abstract	Currently e-commerce system security focuses on mechanisms such as secure transactional protocols, cryptographic schemes, parameter sanitization and it is assumed that putting these in place will guarantee a secure e-Commerce application. However, often vulnerabilities in the business application logic itself are often ignored that can make the effect of these security mechanisms null and void. Essentially, the weakest link can be at the server rather the client and ignoring this is done at a developer's peril. This paper focuses on this weakest link in e-commerce system. In particular, it considers component-based middleware platforms where vulnerabilities may exist in the middleware itself or the components used to construct the e-Commerce application. We outline a logic attacks that would not be prevented by the deployment of the mechanisms commonly used in e-Commerce systems. To counter this problem, we present a secure framework method based on existing techniques that treats security as a first-class concept and considers its interaction with business logic.
Keywords	CBS; Design flaws; e-commerce system; Integrity; Logical attacks; Logical flaws; Software flaws
Public Notes	There are no files associated with this item.
Byline Affiliations	Hazraat Baba Bullah Shah Research Center, Pakistan
	Library Services

Permalink -

https://research.usq.edu.au/item/wz7vx/designing-a-framework-method-for-secure-business-application-logic-integrity-in-e-commerce-systems

23
total views
0
total downloads
0
views this month
0
downloads this month

Export as

Related outputs

Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems

Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Farhan, Muhammad and Mahmood, Umar. 2021. "Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems." Journal of Information Security. 12 (3), pp. 189-211. https://doi.org/10.4236/jis.2021.123010

Security aspects in modern service component‑oriented application logic for social e‑commerce systems

Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Security aspects in modern service component‑oriented application logic for social e‑commerce systems." Social Network Analysis and Mining. 11 (1). https://doi.org/10.1007/s13278-020-00717-9

Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems

Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Farhan, Muhammad and Naseem, Nauman. 2021. "Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems." Journal of Computer Science. 17 (11), pp. 1046-1057. https://doi.org/10.3844/JCSSP.2021.1046.1058

Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications

Nabi, Faisal. 2021. Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications. PhD by Publication Doctor of Philosophy. University of Southern Queensland. https://doi.org/10.26192/q7q82

Concepts of Safety Critical Systems Unification Approach & Security Assurance Process

Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Mahmood, Umar and Iqbal, Usman. 2020. "Concepts of Safety Critical Systems Unification Approach & Security Assurance Process." Journal of Information Security. 11 (4), pp. 292-303. https://doi.org/10.4236/jis.2020.114018

Classification of logical vulnerability based on group attack method

Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Classification of logical vulnerability based on group attack method." Journal of Ubiquitous Systems and Pervasive Networks. 14 (1), pp. 19-26. https://doi.org/10.5383/JUSPN.14.01.004

A security review of event-based application function and service component architecture

Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A security review of event-based application function and service component architecture." International Journal of Systems and Software Security and Protection. 11 (2), pp. 58-70. https://doi.org/10.4018/IJSSSP.2020070104

Classification of Logical Vulnerability Based on Group Attacking Method

Nabi, Faisal, Yong, Jianming and Tao, Xaiohui. 2020. "Classification of Logical Vulnerability Based on Group Attacking Method." 11th International Conference on Ambient Systems, Networks and Technologies (ANT 2020). Warsaw Poland 06 - 09 Apr 2020 Netherlands. https://doi.org/10.1016/j.procs.2020.03.109

Proposing a secure component-based-application logic and system’s integration testing approach

Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2019. "Proposing a secure component-based-application logic and system’s integration testing approach." International Journal of Information and Electronics Engineering. 11 (1), pp. 25-39. https://doi.org/10.6636/IJEIE.20190911(1).04