
Second International Symposium on Web Information Systems and Applications

WISA 2009

Nanchang, China, May 22 - 24, 2009

Proceedings of the 2nd International Symposium on Web Information Systems and Applications (WISA 2009)
Nanchang, China, May 22-24, 2009
Editors: Fei Yu, Jiexian Zeng, and Guangxue Yue
AP Catalog Number: AP-PROC-CS-09CN001
ISBN: 978-952-5726-00-8 (Print), 978-952-5726-01-5 (CD-ROM)
Page(s): 120-123

Study on the application layer security in E-Commerce websites
Zhenlong Li, Wenping Guo, Xiaoming Zhao

Abstract

Most studies of E-Commerce security focus on data confidentiality. Although security mechanisms such as SSL (Secure Sockets Layer) or SET (Secure Electronic Transaction) have been adopted in websites, catastrophic events in which confidential E-Commerce data are revealed have happened more than once. The essential reason is that potential security vulnerabilities exist in the E-Commerce applications themselves. These vulnerabilities originate mainly from the lack of reliable input validation that can protect E-Commerce applications from attacks. SQL Injection, Cross-site Scripting (XSS) and Price Changing Attack are the main known security threats to E-Commerce applications. This paper discusses these attacks and ways of protecting against them using XML validation technology, and proposes a framework that protects E-Commerce applications from attacks.

Index Terms

E-Commerce Security; SQL Injection; XML Schema; Input validation

Copyright © 2009 ACADEMY PUBLISHER — All rights reserved