
Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems

DOI: 10.4236/jis.2021.123010, pp. 189-211

Keywords: Business Logic Design Flaws, Components Integration Flaws, E-Commerce System, Assurance & Security, Model Based Design, Business Logic Attacks, Attack Pattern


Abstract:

Security practices such as audits, which often centre on penetration testing, are performed to find flaws in particular classes of vulnerability, using tools tailored to specific risks arising from code errors, mistaken conceptual assumptions in code, and the like. Most existing security practice in e-commerce is treated as an auditing activity. Organisations may have security policies, enforced by auditors who review a defined set of items, but such reviews fail to find vulnerabilities that are embedded in the application logic itself, since the application behaves exactly as its logic specifies. In this paper we investigate the problem of business logic vulnerabilities in the component-based rapid development of e-commerce applications, where the design specifications of components are reused. We propose a secure application functional-processing logic security technique for component-based e-commerce applications, based on the security requirements of the e-business process and on a security-assurance logical component behaviour specification approach, in order to formalise and design a solution to the business logic vulnerability phenomenon.
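The abstract's central claim is that a business logic flaw is invisible to code-error-oriented tooling because every input is syntactically valid and every statement executes as written. The following Python example, added here and not taken from the paper (it does not implement the paper's technique), shows that class of flaw in the glue code of a component-based checkout, beside a hardened version that recomputes prices from server-side data and enforces the process order. The catalog, SKUs, discount cap and workflow states are all constructed for the illustration.

```python
"""Business-logic flaw in a component-based checkout, beside a hardened version.

Constructed example: the catalog, SKUs, discount policy and workflow states are
invented for illustration and are not the paper's technique.
"""
from dataclasses import dataclass, field
from decimal import Decimal

# Constructed server-side catalog; assumption: these prices are authoritative.
CATALOG = {"sku-100": Decimal("49.99"), "sku-200": Decimal("5.00")}
MAX_DISCOUNT_PCT = Decimal("20")          # assumed business rule


class LogicViolation(Exception):
    """Raised when a request is well-formed but violates the business process."""


@dataclass
class Order:
    items: dict                            # sku -> quantity, as sent by the client
    client_total: Decimal                  # total the client claims to have computed
    discount_pct: Decimal = Decimal("0")   # discount the client asks for
    state: str = "cart"                    # workflow state held by the server
    audit: list = field(default_factory=list)


def authorize_payment(order: Order) -> None:
    """Payment component: may only run once, and only from the cart state."""
    if order.state != "cart":
        raise LogicViolation(f"payment from state {order.state!r}")
    order.state = "payment_authorized"


def checkout_vulnerable(order: Order) -> Decimal:
    """Glue code that trusts the client's figures and ignores workflow order.
    No injection, no overflow, no crash: every value is type-correct, so a
    code-error scanner reports nothing. The flaw is entirely in the logic:
    negative quantities lower the total and payment is never required."""
    order.state = "fulfilled"              # no check that payment was authorised
    return order.client_total              # charges whatever the client sent


def checkout_hardened(order: Order) -> Decimal:
    """Recompute the total from server-side data and enforce the process."""
    if order.state != "payment_authorized":
        raise LogicViolation(f"checkout from state {order.state!r}")
    total = Decimal("0")
    for sku, qty in order.items.items():
        if sku not in CATALOG:
            raise LogicViolation(f"unknown sku {sku!r}")
        if not isinstance(qty, int) or qty <= 0:
            raise LogicViolation(f"invalid quantity {qty!r} for {sku}")
        total += CATALOG[sku] * qty
    if not (Decimal("0") <= order.discount_pct <= MAX_DISCOUNT_PCT):
        raise LogicViolation(f"discount {order.discount_pct}% outside policy")
    factor = (Decimal("100") - order.discount_pct) / Decimal("100")
    total = (total * factor).quantize(Decimal("0.01"))
    if total != order.client_total:
        # Client-side arithmetic is never trusted; a mismatch is logged for review.
        order.audit.append(f"client total {order.client_total} != server {total}")
    order.state = "fulfilled"
    return total


def run_scenarios() -> dict:
    """Drive both components with the same tampered request; return outcomes."""
    tampered = {"sku-100": 1, "sku-200": -3}   # negative quantity, price below cost
    results = {}

    vuln = Order(items=tampered, client_total=Decimal("34.99"))
    results["vulnerable_charged"] = str(checkout_vulnerable(vuln))   # "34.99"

    skipped = Order(items=tampered, client_total=Decimal("34.99"))
    try:
        checkout_hardened(skipped)            # payment step skipped
        results["hardened_skip_payment"] = "accepted"
    except LogicViolation as exc:
        results["hardened_skip_payment"] = str(exc)

    negative = Order(items=tampered, client_total=Decimal("34.99"))
    authorize_payment(negative)
    try:
        checkout_hardened(negative)           # negative quantity rejected
        results["hardened_negative_qty"] = "accepted"
    except LogicViolation as exc:
        results["hardened_negative_qty"] = str(exc)

    honest = Order(items={"sku-100": 1, "sku-200": 2}, client_total=Decimal("40.00"))
    authorize_payment(honest)
    results["hardened_charged"] = str(checkout_hardened(honest))     # "59.99"
    results["hardened_audit"] = honest.audit
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The hardened component encodes the e-business process as explicit state and recomputation; the checks it performs (state order, quantity sign, discount range, server-side pricing) are exactly the items a penetration test tuned to code errors has no reason to exercise.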
