TITLE:
Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems
AUTHORS:
Faisal Nabi, Jianming Yong, Xiaohui Tao, Muhammad Saqib Malhi, Muhammad Farhan, Umar Mahmood
KEYWORDS:
Business Logic Design Flaws, Components Integration Flaws, E-Commerce System, Assurance & Security, Model Based Design, Business Logic Attacks, Attack Pattern
JOURNAL NAME:
Journal of Information Security, Vol.12 No.3, May 14, 2021
ABSTRACT: Security practices such as audits, which often focus on penetration testing, are performed to find flaws in some types of vulnerability and use tools that have been tailored to resolve certain risks based on code errors, code conceptual assumption bugs, etc. Most existing security practices in e-commerce are dealt with as an auditing activity. They may have security policies, enforced by auditors who enable a particular set of items to be reviewed, but they also fail to find vulnerabilities that have been established in compliance with application logic. In this paper, we investigate the problem of business logic vulnerability in the component-based rapid development of e-commerce applications while reusing the design specification of components. We propose a secure application functional processing logic security technique for component-based e-commerce applications, based on the security requirements of the e-business process and a security assurance logical component behaviour specification approach, to formulize and design a solution for the business logic vulnerability phenomenon.