SlideShare ist ein Scribd-Unternehmen logo

Security Threats to Electronic Commerce

Als PPTX, PDF herunterladen
Darlene Enderez
Darlene Enderez

I take no credit with the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to part some knowledge. Ciao~ Thanks "Duarte"!

Business
1 von 15
Basirgo, Pulchra Mae Degamo, Dianne Faith Enderez, Darlene Fernandez, Angela Blanche Mutuc, Apple Rose Presented By: to ELECTRONIC COMMERCE
Client Threats Until the introduction of executable web content, Web pages were mainly static. Coded in HTML, static pages could do little more than display content and provide links to related pages with additional information. However, the widespread use of active content has changed this perception. 1.A.) Active Content 1.B.) Malicious Codes 1.C.) Server-side Masquerading
1.A.) Active Content Active content refers to programs that are embedded transparently in web pages and that cause action to occur. Active content can display moving graphics, download and play audio, or implement web-based spreadsheet programs. Active content is used in e-commerce to place items one wishes to purchase into a shopping cart and to compute the total invoice amount, including sales tax, handling, and shipping costs. The best known active content forms are Java applets, ActiveX controls, JavaScript, and VBScript. Embedding active content to web pages involved in e-commerce introduces several security risks. Malicious programs delivered quietly via web pages could reveal credit card numbers, usernames, and passwords that are frequently stored in special files called cookies. Because the internet is stateless and cannot remember a response from one web page view to another, cookies help solve the problem of remembering customer order information or usernames or passwords. Malicious active content delivered by means of cookies can reveal the contents of client-side files or even destroy files stored on client computers.
1.B.) Malicious Codes Computer viruses, worms and trojan horses are examples of malicious code. A trojan horse is a program which performs a useful function, but performs an unexpected action as well. Virus is a code segment which replicates by attaching copies to existing executable. A worm is a program which replicates itself and causes execution of the new copy. These can create havoc on the client side.
1.C.) Server-side Masquerading Masquerading lures a victim into believing that the entity with which it is communicating is a different entity. For example, if a user tries to log into a computer across the internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. This may be a passive attack (in which the user does not attempt to authenticate the recipient, but merely accesses it), but it is usually an active attack (in which the masquerader issues responses to mislead the user about its identity). BLAH BLAH BLAH BLAH B BLAHBLAH
Communication Channel Threats The internet serves as the electronic chain linking a consumer (client) to an e-commerce resource (commerce server). Messages on the internet travel a random path from a source node to a destination node. The message passes through a number of intermediate computers on the network before reaching the final destination. It is impossible to guarantee that every computer on the internet through which messages pass is safe, secure, and non-hostile. 2.A.) Confidentiality Threats 2.B.) Integrity Threats 2.C.) Availability Threats
2.A.) Confidentiality Threats Confidentiality is the prevention of unauthorized information disclosure. Breaching confidentiality on the internet is not difficult. Suppose one logs onto a website. When one fills out those text boxes and clicks the submit button, the information is sent to the web-server for processing. One popular method of transmitting data to a web- server is to collect the text box responses and place them at the end of the target server’s URL. The captured data and the HTTP request to send the data to the server is then sent. Now, suppose the user changes his mind, decides not to wait for a response from the server, and jumps to another website instead. Confidentiality by recording the secret information the user has just entered.
2.B.) Integrity Threats An integrity threat exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions are subject to integrity violations. Cyber vandalism is an example of an integrity violation. Cyber vandalism is the electronic defacing of an existing website page. Masquerading or spoofing – pretending to be someone you are not or representing a website as an original when it really is a fake – is one means of creating havoc on websites. Using a security hole in a domain name server (DNS), perpetrators can substitute the address of their website in place of the real one to spoof website visitors. Integrity threats can alter vital financial, medical, or military information. It can have very serious consequences for businesses and people.
2.C.) Availability Threats The purpose of availability threats, also known as delay or denial threats, is to disrupt normal computer processing or to deny processing entirely. For example, if the processing speed of a single ATM machine transaction slows from one or two seconds to 30 seconds, users will abandon ATM machines entirely. Similarly, slowing any internet service will drive customers to competitors’ web or commerce sites.
Server Threats The server is the third link in the client-internet-server trio embodying the e-commerce path between the user and a commerce server. Servers have vulnerabilities that can be exploited by anyone determined to cause destruction or to illegally acquire information. 3.A.) Web-server Threats 3.B.) Commerce server Threats 3.C.) Database Threats 3.D.) Common Gateway Interface Threats 3.E.) Password Hacking
3.A.) Web-server Threats Web-server software is designed to deliver web pages by responding to HTTP requests. While web- server software is not inherently high-risk, it has been designed with web service and convenience as the main design goal. The more complex the software is, the higher the probability that it contains coding errors (bugs) and security holes – security weaknesses that provide openings through which evildoers can enter.
3.B.) Commerce Server Threats The commerce server, along with the web-server, responds to requests from web browsers through the HTTP protocol and CGI scripts. Several pieces of software comprise the commerce server software suite, including an FTP server, a mail server, a remote login server, and operating systems on host machines. Each of this software can have security holes and bugs.
3.C.) Database Threats E-commerce systems store user data and retrieve product information from databases connected to the web- server. Besides product information, databases connected to the web contain valuable and private information that could irreparably damage a company if it were disclosed or altered. Some databases store username/password pairs in a non- secure way. If someone obtains user authentication information, then he or she can masquerade as a legitimate database user and reveal private and costly information.
3.D.) Common Gateway Interface Threats A common gateway interface (CGI) implements the transfer of information from a web-server to another program, such as a database program. CGI and the programs to which they transfer data provide active content to web pages. Because CGIs are programs, they present a security threat if misused. Just like web-servers, CGI scripts can be set up to run with their privileges set to high – unconstrained. Defective or malicious CGIs with free access to system resources are capable of disabling the system, calling privileged (and dangerous) base system programs that delete files, or viewing confidential customer information, including usernames and passwords.
3.E.) Password Hacking The simplest attack against a password- based system is to guess passwords. Guessing of passwords requires that access to the complement, the complementation functions, and the authentication functions be obtained. If none of these have changed by the time the password is guessed, then the attacker can use the password to access the system

Empfohlen

Web security
Web securityWeb security
Web security
kareem zock
 
Cross Site Scripting
Cross Site ScriptingCross Site Scripting
Cross Site Scripting
Ali Mattash
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
Avani Patel
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Muhammad Osama Khalid
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
Malu704065
 
Cyber Crime
Cyber Crime Cyber Crime
Cyber Crime
bhavya mohindru
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
dawitTerefe5
 

Empfohlen

Web security
Web securityWeb security
Web security
kareem zock
 
Cross Site Scripting
Cross Site ScriptingCross Site Scripting
Cross Site Scripting
Ali Mattash
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
Avani Patel
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Muhammad Osama Khalid
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
Malu704065
 
Cyber Crime
Cyber Crime Cyber Crime
Cyber Crime
bhavya mohindru
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
dawitTerefe5
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Sanket Gogoi
 
Web security
Web securityWeb security
Web security
Subhash Basistha
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber security
Shri ramswaroop college of engineering and management
 
Information Security Awareness
Information Security AwarenessInformation Security Awareness
Information Security Awareness
Ali Hassan Ba-Issa
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
sweetpeace1
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
maha797959
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
Bansari Shah
 
Xss attack
Xss attackXss attack
Xss attack
Manjushree Mashal
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
Nitesh Dubey
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Dipesh Waghela
 
Client server security threats
Client server security threatsClient server security threats
Client server security threats
rahul kundu
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Akash Dhiman
 
Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)
Anshuman Tripathi
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert Box
Aaron Weaver
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
Priyankush salouria
 
It act and cyber crime
It act and cyber crimeIt act and cyber crime
It act and cyber crime
Dheeraj Dani
 
Computer Security
Computer SecurityComputer Security
Computer Security
vishal purkuti
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security Providers
United Security Providers AG
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
Md. Hasibur Rashid
 

Weitere ähnliche Inhalte

Was ist angesagt?

Client server security threats
Client server security threatsClient server security threats
Client server security threats
rahul kundu
 

Was ist angesagt? (20)

Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Web security
Web securityWeb security
Web security
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber security
 
Information Security Awareness
Information Security AwarenessInformation Security Awareness
Information Security Awareness
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
 
Xss attack
Xss attackXss attack
Xss attack
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Client server security threats
Client server security threatsClient server security threats
Client server security threats
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)
 
cyber security
cyber securitycyber security
cyber security
 
Cross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert BoxCross Site Scripting Going Beyond the Alert Box
Cross Site Scripting Going Beyond the Alert Box
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration Testing
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
It act and cyber crime
It act and cyber crimeIt act and cyber crime
It act and cyber crime
 
Computer Security
Computer SecurityComputer Security
Computer Security
 

Ähnlich wie Security Threats to Electronic Commerce

Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
joellemurphey
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
mark scott
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.doc
praveena06
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacks
ijdmtaiir
 

Ähnlich wie Security Threats to Electronic Commerce (20)

The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security Providers
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanism
 
Website Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your WebsiteWebsite Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your Website
 
cryptography .pptx
cryptography .pptxcryptography .pptx
cryptography .pptx
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network security
Network securityNetwork security
Network security
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber Security
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
 
Recent cyber Attacks
Recent cyber AttacksRecent cyber Attacks
Recent cyber Attacks
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.doc
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacks
 
IBPS SO
IBPS SOIBPS SO
IBPS SO
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 

Kürzlich hochgeladen

Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
amitlee9823
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
dlhescort
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 

Kürzlich hochgeladen (20)

Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service NoidaCall Girls In Noida 959961⊹3876 Independent Escort Service Noida
Call Girls In Noida 959961⊹3876 Independent Escort Service Noida
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 

Security Threats to Electronic Commerce

  • 1. Basirgo, Pulchra Mae Degamo, Dianne Faith Enderez, Darlene Fernandez, Angela Blanche Mutuc, Apple Rose Presented By: to ELECTRONIC COMMERCE
  • 2. Client Threats Until the introduction of executable web content, Web pages were mainly static. Coded in HTML, static pages could do little more than display content and provide links to related pages with additional information. However, the widespread use of active content has changed this perception. 1.A.) Active Content 1.B.) Malicious Codes 1.C.) Server-side Masquerading
  • 3. 1.A.) Active Content Active content refers to programs that are embedded transparently in web pages and that cause action to occur. Active content can display moving graphics, download and play audio, or implement web-based spreadsheet programs. Active content is used in e-commerce to place items one wishes to purchase into a shopping cart and to compute the total invoice amount, including sales tax, handling, and shipping costs. The best known active content forms are Java applets, ActiveX controls, JavaScript, and VBScript. Embedding active content to web pages involved in e-commerce introduces several security risks. Malicious programs delivered quietly via web pages could reveal credit card numbers, usernames, and passwords that are frequently stored in special files called cookies. Because the internet is stateless and cannot remember a response from one web page view to another, cookies help solve the problem of remembering customer order information or usernames or passwords. Malicious active content delivered by means of cookies can reveal the contents of client-side files or even destroy files stored on client computers.
  • 4. 1.B.) Malicious Codes Computer viruses, worms and trojan horses are examples of malicious code. A trojan horse is a program which performs a useful function, but performs an unexpected action as well. Virus is a code segment which replicates by attaching copies to existing executable. A worm is a program which replicates itself and causes execution of the new copy. These can create havoc on the client side.
  • 5. 1.C.) Server-side Masquerading Masquerading lures a victim into believing that the entity with which it is communicating is a different entity. For example, if a user tries to log into a computer across the internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. This may be a passive attack (in which the user does not attempt to authenticate the recipient, but merely accesses it), but it is usually an active attack (in which the masquerader issues responses to mislead the user about its identity). BLAH BLAH BLAH BLAH B BLAHBLAH
  • 6. Communication Channel Threats The internet serves as the electronic chain linking a consumer (client) to an e-commerce resource (commerce server). Messages on the internet travel a random path from a source node to a destination node. The message passes through a number of intermediate computers on the network before reaching the final destination. It is impossible to guarantee that every computer on the internet through which messages pass is safe, secure, and non-hostile. 2.A.) Confidentiality Threats 2.B.) Integrity Threats 2.C.) Availability Threats
  • 7. 2.A.) Confidentiality Threats Confidentiality is the prevention of unauthorized information disclosure. Breaching confidentiality on the internet is not difficult. Suppose one logs onto a website. When one fills out those text boxes and clicks the submit button, the information is sent to the web-server for processing. One popular method of transmitting data to a web- server is to collect the text box responses and place them at the end of the target server’s URL. The captured data and the HTTP request to send the data to the server is then sent. Now, suppose the user changes his mind, decides not to wait for a response from the server, and jumps to another website instead. Confidentiality by recording the secret information the user has just entered.
  • 8. 2.B.) Integrity Threats An integrity threat exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions are subject to integrity violations. Cyber vandalism is an example of an integrity violation. Cyber vandalism is the electronic defacing of an existing website page. Masquerading or spoofing – pretending to be someone you are not or representing a website as an original when it really is a fake – is one means of creating havoc on websites. Using a security hole in a domain name server (DNS), perpetrators can substitute the address of their website in place of the real one to spoof website visitors. Integrity threats can alter vital financial, medical, or military information. It can have very serious consequences for businesses and people.
  • 9. 2.C.) Availability Threats The purpose of availability threats, also known as delay or denial threats, is to disrupt normal computer processing or to deny processing entirely. For example, if the processing speed of a single ATM machine transaction slows from one or two seconds to 30 seconds, users will abandon ATM machines entirely. Similarly, slowing any internet service will drive customers to competitors’ web or commerce sites.
  • 10. Server Threats The server is the third link in the client-internet-server trio embodying the e-commerce path between the user and a commerce server. Servers have vulnerabilities that can be exploited by anyone determined to cause destruction or to illegally acquire information. 3.A.) Web-server Threats 3.B.) Commerce server Threats 3.C.) Database Threats 3.D.) Common Gateway Interface Threats 3.E.) Password Hacking
  • 11. 3.A.) Web-server Threats Web-server software is designed to deliver web pages by responding to HTTP requests. While web- server software is not inherently high-risk, it has been designed with web service and convenience as the main design goal. The more complex the software is, the higher the probability that it contains coding errors (bugs) and security holes – security weaknesses that provide openings through which evildoers can enter.
  • 12. 3.B.) Commerce Server Threats The commerce server, along with the web-server, responds to requests from web browsers through the HTTP protocol and CGI scripts. Several pieces of software comprise the commerce server software suite, including an FTP server, a mail server, a remote login server, and operating systems on host machines. Each of this software can have security holes and bugs.
  • 13. 3.C.) Database Threats E-commerce systems store user data and retrieve product information from databases connected to the web- server. Besides product information, databases connected to the web contain valuable and private information that could irreparably damage a company if it were disclosed or altered. Some databases store username/password pairs in a non- secure way. If someone obtains user authentication information, then he or she can masquerade as a legitimate database user and reveal private and costly information.
  • 14. 3.D.) Common Gateway Interface Threats A common gateway interface (CGI) implements the transfer of information from a web-server to another program, such as a database program. CGI and the programs to which they transfer data provide active content to web pages. Because CGIs are programs, they present a security threat if misused. Just like web-servers, CGI scripts can be set up to run with their privileges set to high – unconstrained. Defective or malicious CGIs with free access to system resources are capable of disabling the system, calling privileged (and dangerous) base system programs that delete files, or viewing confidential customer information, including usernames and passwords.
  • 15. 3.E.) Password Hacking The simplest attack against a password- based system is to guess passwords. Guessing of passwords requires that access to the complement, the complementation functions, and the authentication functions be obtained. If none of these have changed by the time the password is guessed, then the attacker can use the password to access the system