Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems

Nabi, Faisal and Yong, Jianming and Tao, Xiaohui ORCID: https://orcid.org/0000-0002-0020-077X and Malhi, Muhammad Saqib and Farhan, Muhammad and Mahmood, Umar (2021) Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems. Journal of Information Security, 12 (3):1. pp. 189-211. ISSN 2153-1234

Text (Published Version)
jis_2021051315040966.pdf
Available under License Creative Commons Attribution 4.0.


Abstract

Security practices such as audits, which often focus on penetration testing, are performed to find flaws of certain vulnerability types and use tools that have been tailored to resolve particular risks based on code errors, bugs in the code's conceptual assumptions, etc. Most existing security practices in e-commerce are dealt with as an auditing activity. They may have security policies, enforced by auditors who enable a particular set of items to be reviewed, but they also fail to find vulnerabilities that have been established in compliance with application logic. In this paper, we investigate the problem of business logic vulnerability in the component-based rapid development of e-commerce applications while reusing component design specifications. We propose a secure application functional processing logic security technique for component-based e-commerce applications, based on the security requirements of the e-business process and a security assurance logical component behaviour specification approach, to formulate and design a solution for the business logic vulnerability phenomenon.


Item Type: Article (Commonwealth Reporting Category C)
Refereed: Yes
Item Status: Live Archive
Faculty/School / Institute/Centre: Current - Faculty of Business, Education, Law and Arts - School of Business (18 Jan 2021 -)
Faculty/School / Institute/Centre: Current - Faculty of Health, Engineering and Sciences - School of Sciences (6 Sep 2019 -)
Date Deposited: 17 May 2021 03:38
Last Modified: 25 Oct 2021 23:13
Uncontrolled Keywords: Business Logic Design Flaws, Components Integration Flaws, E-Commerce System, Assurance & Security, Model Based Design, Business Logic Attacks, Attack Pattern
Fields of Research (2008): 08 Information and Computing Sciences > 0803 Computer Software > 080303 Computer System Security
Fields of Research (2020): 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460406 Software and application security
Identification Number or DOI: https://doi.org/10.4236/jis.2021.123010
URI: http://eprints.usq.edu.au/id/eprint/41970
