Faisal Nabi, Muhammad Saqib Malhi, Muhammad Farhan, Umar Mahmood
Journal: Journal of Information Security (信息安全(英文)), volume "12 1", pages 189-211
Publication date: 2021-05-13
Publication type: Journal Article
DOI: 10.4236/JIS.2021.123010 (https://doi.org/10.4236/JIS.2021.123010)
Citation count: 2
Process of Security Assurance Technique for Application Functional Logic in E-Commerce Systems
Security practices such as audits, which often focus on penetration testing, are performed to find flaws of certain vulnerability types and use tools that have been tailored to resolve particular risks based on code errors, bugs in the code's conceptual assumptions, etc. Most existing security practices in e-commerce are dealt with as an auditing activity. They may have security policies, enforced by auditors who enable a particular set of items to be reviewed, but they also fail to find vulnerabilities that have been established in compliance with application logic. In this paper, we investigate the problem of business logic vulnerability in the component-based rapid development of e-commerce applications that reuse component design specifications. We propose a secure application functional processing logic security technique for component-based e-commerce applications, based on the security requirements of the e-business process and a security assurance logical component behaviour specification approach, to formulate and design a solution for the business logic vulnerability phenomenon.