Secure business application logic for e-commerce systems

Article


Nabi, Faisal. 2005. "Secure business application logic for e-commerce systems." Computers and Security. 24 (3), pp. 208-217. https://doi.org/10.1016/j.cose.2004.08.008
Article Title: Secure business application logic for e-commerce systems
ERA Journal ID: 17813
Article Category: Article
Authors: Nabi, Faisal
Journal Title: Computers and Security
Journal Citation: 24 (3), pp. 208-217
Number of Pages: 10
Year: 2005
Place of Publication: United Kingdom
ISSN: 0167-4048, 1872-6208
Digital Object Identifier (DOI): https://doi.org/10.1016/j.cose.2004.08.008
Web Address (URL): https://www.sciencedirect.com/science/article/pii/S0167404804002123
Abstract

The major reason why most people are still sceptical about e-commerce is the perceived security and privacy risks associated with e-transactions, e.g., data, smart cards, credit cards and exchange of business information by means of online transactions. Today, vendors of e-commerce systems have relied solely on secure transaction protocols such as SSL, while ignoring the security of server and client software. This article, Secure Business Application Logic for e-commerce Systems, discusses a key weak link in e-commerce systems: the business application logic. Although the security issues of the front-end and back-end software systems in e-commerce applications warrant equal attention, this research focuses on the security of the middle tier of the e-commerce server that implements the business application logic; traditionally, e-commerce sites implemented the middle tier of software on the web server using CGI. We also present strategies for secure business application logic: good design and engineering, secure configuration, defensive programming and secure wrappers for server-side software. © 2004 Elsevier Ltd. All rights reserved.

Keywords: Business application logic; CGI scripts; Client trust; E-commerce; Privacy; Security; SSL

Byline Affiliations: University of Luton, United Kingdom
Library Services
Permalink: https://research.usq.edu.au/item/wz7w3/secure-business-application-logic-for-e-commerce-systems


Related outputs

Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Farhan, Muhammad and Mahmood, Umar. 2021. "Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems." Journal of Information Security. 12 (3), pp. 189-211. https://doi.org/10.4236/jis.2021.123010
Security aspects in modern service component‑oriented application logic for social e‑commerce systems
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Security aspects in modern service component‑oriented application logic for social e‑commerce systems." Social Network Analysis and Mining. 11 (1). https://doi.org/10.1007/s13278-020-00717-9
Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Farhan, Muhammad and Naseem, Nauman. 2021. "Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems." Journal of Computer Science. 17 (11), pp. 1046-1057. https://doi.org/10.3844/JCSSP.2021.1046.1058
Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications
Nabi, Faisal. 2021. Security Assurance Process for Service Component-Oriented Application Logic for Social Interaction in E-Commerce Banking Applications. PhD by Publication Doctor of Philosophy. University of Southern Queensland. https://doi.org/10.26192/q7q82
Concepts of Safety Critical Systems Unification Approach & Security Assurance Process
Nabi, Faisal, Yong, Jianming, Tao, Xiaohui, Malhi, Muhammad Saqib, Mahmood, Umar and Iqbal, Usman. 2020. "Concepts of Safety Critical Systems Unification Approach & Security Assurance Process." Journal of Information Security. 11 (4), pp. 292-303. https://doi.org/10.4236/jis.2020.114018
Classification of logical vulnerability based on group attack method
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2021. "Classification of logical vulnerability based on group attack method." Journal of Ubiquitous Systems and Pervasive Networks. 14 (1), pp. 19-26. https://doi.org/10.5383/JUSPN.14.01.004
A security review of event-based application function and service component architecture
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A security review of event-based application function and service component architecture." International Journal of Systems and Software Security and Protection. 11 (2), pp. 58-70. https://doi.org/10.4018/IJSSSP.2020070104
Classification of Logical Vulnerability Based on Group Attacking Method
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "Classification of Logical Vulnerability Based on Group Attacking Method." 11th International Conference on Ambient Systems, Networks and Technologies (ANT 2020). Warsaw Poland 06 - 09 Apr 2020 Netherlands. https://doi.org/10.1016/j.procs.2020.03.109
Proposing a secure component-based-application logic and system’s integration testing approach
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2019. "Proposing a secure component-based-application logic and system’s integration testing approach." International Journal of Information and Electronics Engineering. 11 (1), pp. 25-39. https://doi.org/10.6636/IJEIE.20190911(1).04
A novel approach for component based application logic event attack modeling
Nabi, Faisal, Yong, Jianming and Tao, Xiaohui. 2020. "A novel approach for component based application logic event attack modeling." International Journal of Network Security. 22 (3), pp. 437-443.
Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems
Nabi, Faisal. 2011. "Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems." International Journal of Network Security. 12 (1), pp. 29-41.
Virtual Invisible Disk Design for Information System Security
Nabi, Faisal. 2009. "Virtual Invisible Disk Design for Information System Security." International Journal of Network Security. 8 (2), pp. 131-138.