Author(s)

Faisal Nabi^1*, Jianming Yong¹, Xiaohui Tao², Muhammad Saqib Malhi³, Muhammad Farhan³, Umar Mahmood³

¹School of Management and Enterprise, University of Southern Queensland, Queensland, Australia.
²School of Sciences, University of Southern Queensland, Queensland, Australia.
³School of IT and Engineering, Melbourne Institute of Technology, Melb Campus, Melbourne, Victoria, Australia.

Security practices such as Audits that often focus on penetration testing are performed to find flaws in some types of vulnerability & use tools, which have been tailored to resolve certain risks based on code errors, code conceptual assumptions bugs, etc. Most existing security practices in e-Commerce are dealt with as an auditing activity. They may have policies of security, which are enforced by auditors who enable a particular set of items to be reviewed, but also fail to find vulnerabilities, which have been established in compliance with application logic. In this paper, we will investigate the problem of business logic vulnerability in the component-based rapid development of e-commerce applications while reusing design specification of component. We propose secure application functional processing Logic Security technique for component-based e-commerce application, based on security requirement of e-business process and security assurance logical component behaviour specification approach to formulize and design a solution for business logic vulnerability phenomena.

Business Logic Design Flaws, Components Integration Flaws, E-Commerce System, Assurance & Security, Model Based Design, Business Logic Attacks, Attack Pattern

Nabi, F. , Yong, J. , Tao, X. , Malhi, M. , Farhan, M. and Mahmood, U. (2021) Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems. Journal of Information Security, 12, 189-211. doi: 10.4236/jis.2021.123010.