Information and communication technologies continue to pervade our lives in various aspects which include health, education, entertainment and ecommerce. People need to be able to trust computer systems as the dependence on them increases. The Trustworthy Computing vision (CRA, 2003) refers to computer systems that are intuitive, controllable, reliable and predictable and that ensure availability and security. Secure cod- ing is not trivial and poor code security management may leave the developed web application vulnerable to attack or turn the application into a launch pad for serious attacks.
This paper is organized as follows: Section 2 provides background information to secure coding in web applications. Section 4 outlines the aims and objectives of the project. Section 5 briefly describes the design of the developed secure framework. Section 6 highlights the achievements of the project and Section 7 presents a conclusion. 2 Background Security vulnerabilities in a system can be at the application, server and network level. Unpatched software, viruses and trojan horses may all expose a system to attack. These security issues should be addressed in any system; however these can easily be bypassed with an attack on a web application. The aim of this project is to focus on the application-level security vulnerabilities which are introduced in the next subsections. (Howard and LeBlanc, 2003)
Web Application Vulnerabilities
This section presents a brief overview of the most common security vulnerabilities found in ecommerce web applications.
Cross-Site Scripting
Cross-Site Scripting is a form of input validation vulnerability (Howard et al, 2005). Any web application that directly echoes the user input to a webpage without validation has an input trust issue and is vulnerable with Cross-Site Scripting. Echoed input might be a client-side script which is then executed by the browser and runs in the context of the vulnerable domain, having access to the client side cookies.
SQL Injection
SQL injection is a common form of input validation vulnerability (Howard et al, 2005) resulting from the improper string concatenation of SQL commands with non-validated user input. The following code fragment builds a string containing an SQL statement constructed by concatenating SQL commands with user input.
Download pdf Secure Ecommerce Framework for the .NET Environment
Related Searches: application level security, security vulnerabilities, trojan horses, software viruses, launch pad
Categories
Archives
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
Today's Search Terms:
- ?????? ?? volvo fh12 - vauxhall vectra c repair manual torrent - dynamics plug ins for maya - rapidshare numerical analysis method - computers internet blog - free Workshop Manual - free ebook programming - renault clio service manual - user manual opel omega a - free SAP MATERIAL MANAGEMENT PPT - GTA III visual walkthrough - reparaturanleitung honda eu10i - rapidshare c# net numerical methods - canon pixma ip 1700 download - wordpress blogs - wordpress blogs - Volvo Penta (09 2009) torrent - samsung a707 manuel - samsung a707 manuel - samsung a707 manuel - HVAC rapidshare com/ - samsung a707 manuel - samsung a707 manuel - file type:pdf(steps for creating client /server programming) - file type:pdf(steps for creating client /server programming) - Autodesk Inventor pdf Ebook Cz Download - file type:pdf(steps for creating client /server programming) - c# mobile code - autocad 2007 tutorials - Concurrent Programming on WindowsMost Popular
- iPod shuffle User's Guide (Manual)
- Renault Workshop Repair Manual PDF
- VolksWagen Golf and Jetta Routine Maintenance and Servicing Manual
- VolksWagen Golf & Jetta Service and Repair Manual
- Volkswagen Beetle Manual PDF
- Hacking the XBOX 360 for Noobs Tutorial
- VW Golf and Jetta Braking System PDF Manual
- Renault Workshop Repair Manual PDF
- VolksWagen Golf III / Jetta III Wiring Diagram Manual
- Renault All Types Service Manual PDF
Random Posts
- Renault Service Manual System PDF
- Mambo Component Tutorial - Daily Message Component
- Effect of orientation errors of astigmatism-correcting spectacle
- Onimusha 3: Demon Siege - Games Cheats Hints & Trainer PC
- The Effect of Car Acoustics on Automobile Sound Systems
- BMW Z1 Manual PDF
- Macintosh FlowJo Manual
- An Optimal Load Balancing Method for the Web-Server Cluster Based
- Developer Guide for Checkout by Amazon
- Service Manual Trucks Dismantling manual for Volvo Trucks PDF
Free Ebook Manual Download is proudly powered by WordPress - BloggingPro theme by: Design Disease
RSS feed for comments on this post · TrackBack URI
Leave a reply