The major reason why most people are still sceptical about e-commerce is the perceived security and privacy risk associated with e-transactions, e.g., data, smart cards, credit cards and the exchange of business information by means of online transactions. Today, vendors of e-commerce systems have relied solely on secure transaction protocols such as SSL, while ignoring the security of server and client software. This article, Secure Business Application Logic for e-commerce Systems, discusses a key weak link in e-commerce systems: the business application logic. Although the security issues of the front-end and back-end software systems in an e-commerce application warrant equal attention, this research focuses on the security of the middle tier of the e-commerce server, which implements the business application logic; traditionally, e-commerce sites implemented this middle tier on the web server using CGI. We also present strategies for secure business application logic: good design and engineering, secure configuration, defensive programming and secure wrappers for server-side software.
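The defensive-programming strategy named above, as an added example that is not from the paper: a Python handler for one CGI order form that validates every client-supplied field against an allowlist and prices the order only from a server-side catalogue. The form fields, SKU format, quantity cap and catalogue are constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Constructed server-side catalogue (assumed data): SKU -> unit price in cents.
CATALOGUE = {"BOOK-001": 1999, "BOOK-002": 2450}
SKU_RE = re.compile(r"[A-Z]{4}-[0-9]{3}")   # exact shape of a valid SKU
QTY_RE = re.compile(r"[0-9]{1,3}")          # ASCII digits only: no sign, no exponent
MAX_QTY = 20                                # business rule: per-line quantity cap
EXPECTED_FIELDS = {"sku", "qty"}            # the only fields the form may submit

class RejectedInput(ValueError):
    """Raised when a request fails validation; the order is not processed."""

def parse_order(query_string: str) -> dict:
    """Validate one CGI query string and return the server-priced order line.

    Every expected field must be present exactly once and match its allowlist;
    any extra field (such as a client-supplied 'price') rejects the whole
    request, so the total is always derived from the server-side catalogue.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    if set(params) != EXPECTED_FIELDS:
        raise RejectedInput(f"fields must be exactly {sorted(EXPECTED_FIELDS)}")
    if any(len(values) != 1 for values in params.values()):
        raise RejectedInput("each field must appear exactly once")
    sku, qty_raw = params["sku"][0], params["qty"][0]
    if not SKU_RE.fullmatch(sku) or sku not in CATALOGUE:
        raise RejectedInput("unknown sku")
    if not QTY_RE.fullmatch(qty_raw) or not 1 <= int(qty_raw) <= MAX_QTY:
        raise RejectedInput("quantity out of range")
    qty = int(qty_raw)
    return {"sku": sku, "qty": qty, "total_cents": CATALOGUE[sku] * qty}

def handle_order(query_string: str) -> dict:
    """CGI-style entry point: map any validation failure to a 400 response.

    The reason sent to the client is deliberately generic; the detail goes to
    the server log so that validation rules are not disclosed.
    """
    try:
        order = parse_order(query_string)
    except RejectedInput as exc:
        print(f"rejected order: {exc}")      # stands in for the server log
        return {"status": 400, "body": "invalid order"}
    return {"status": 200, "body": order}

if __name__ == "__main__":
    print(handle_order("sku=BOOK-001&qty=2"))
    print(handle_order("sku=BOOK-001&qty=2&price=1"))
```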