ABSTRACT
Modern e-commerce systems are more likely focused on mechanisms of security, such as secure transactional protocols, cryptographic schemes and parameter sanitization, and it is assumed that putting these in place will guarantee a secure e-commerce application. However, vulnerabilities in the business application logic itself are often ignored which can make the effect of these security mechanisms null and void. Essentially, the weakest link can be at the server rather than client because of business logic and insecure server-side business components, its security ignoring is another factor, which is done at developer’s peril. This paper focuses on the weakest link (component’s logic subversion) in the e-commerce system. We outline a logical attack (subversion attack, class Design Flaw) that would not be prevented by the deployment of the mechanisms commonly used in e-commerce systems. To further investigate this problem, we propose a security assurance methodology for service component-oriented application that will be practiced through threat modeling and component fault detection model with further modeling component and its application using unified modeling language secure-design approach with a valid technique (verification, validation model for security-by-design testing) for design flaw detection to avoid the business logic problem in component-based e-commerce applications from existing application logic.
Acknowledgments
The authors would like to thank Prof. Jianming Yong for support and cooperation.
Disclosure statement
No potential conflict of interest was reported by the authors.
Availability of data and material
No data have been provided for that project as it is not allowed.