E-commerce website development and security

Master of Science in Computer Science and Information security 2013-2015 EXT Pradeep K Thomas Varghese "Mozanta Technologies"

E-commerce Security is a part of the Information Security framework and is specifically applied to the components that affect e-commerce that include Computer Security, Data security and other wider realms of the Information Security framework. E-commerce security has its own particular nuances and is one of the highest visible security components that affect the end user through their daily payment interaction with business. In present-day time, securing the web application against hacking is a big challenge. Two of the common types of hacking technique to attack the web application is Cross-Site Scripting (XSS) and SQL Injection. Cross-Site Scripting (XSS) vulnerabilities are being exploited by the attackers to steal web browser’s resources such as cookies, credentials etc. by injecting the malicious JavaScript code on the victim’s web applications. Since Web browsers support the execution of commands embedded in Web pages to enable dynamic Web pages attackers can make use of this feature to enforce the execution of malicious code in a user’s Web browser. SQL injection is an attack technique that exploits a security vulnerability occurring in the database layer of an application and a service. This is most often found within web pages with dynamic content. The analysis of detection and prevention of Cross-Site Scripting (XSS) and SQL injection help to avoid the attack against web applications. The aim of the proposed project is to develop an e-commerce system which provide security for both the business and customers. For ensuring the security, this project implements Oracle ATG Web Commerce’s out of the box security features and some additional modules such as prevention of Cross-Site Scripting (XSS) and SQL Injection attacks and also blocks the IP that cause this type of attacks.