Thursday, May 6, 2004

SecurityFocus has an article that discusses common attacks and vulnerabilities in e-commerce shopping cart systems, with reference to SecurityFocus vulnerability reports where relevant.

Among the ones mentioned are:

  • SQL Injection
  • Price Manipulation
  • Buffer Overflows
  • Cross-Site Scripting
  • Remote Command Execution
  • Weak authentication and authorization

According to the article, "Countermeasures should also include strict input validation routines, a 3-tier modular architecture, use of open-source cryptographic standards, and other secure coding practices."
 
Nice to see that these were some of the specific things that were addressed as part of DevDays during my Threats and Countermeasures presentation.
 
Check it out for yourself @
http://www.securityfocus.com/infocus/1775

[Now Playing: Meri Makhna Meri Soniye - Baghban]

Tags:: Security