Testing is crucial to e-commerce because e-commerce sites are both business critical and highly visible to their users; any failure can be immediately expensive in terms of lost revenue and even more expensive in the longer term if disaffected users seek alternative sites.

2.  E – Commerce - Electronic commerce refers to the
buying and selling of products or services over
electronic systems such as the Internet and
other computer networks.
 It also includes the entire online process of
developing, marketing, selling, delivering, servicing
and paying for products and services.

3.  Domestic and international payment systems
 Group buying
 Instant messaging
 Online banking
 Online office suites
 Shopping cart software
 Teleconferencing
 Electronic tickets

4.  Businesses also have been engaging in a form of e-
commerce, known as electronic data interchange
(EDI), for many years.
 Banks have been using electronic funds transfers
(EFTs) which are electronic transmissions of account
exchange information over private communications
networks.

5.  Testing is crucial to e-commerce because e-commerce
sites are both business critical and highly visible to
their users; any failure can be immediately expensive
in terms of lost revenue and even more expensive in
the longer term if disaffected users seek alternative
sites.

6.  Security has three main concepts: confidentiality, integrity,
and availability.
 Confidentiality - Confidentiality allows only authorized
parties to read protected information. For example, if the
postman reads your mail, this is a breach of your privacy
 Integrity - Integrity ensures data remains as is from the
sender to the receiver. If someone added an extra bill to the
envelope, which contained your credit card bill, he has
violated the integrity of the mail.

7.  Availability - Availability ensures you have access and
are authorized to resources. If the post office destroys
your mail or the postman takes one year to deliver your
mail, he has impacted the availability of your mail.

8.  The need for security testing of an organization arises
due to two main factors-
 The primary factor is the importance of measuring
the extent to which the security infrastructure
implements the security policy and the security
requirements of an organization. As the
implementation of the security infrastructure needs
human interventions, a proper security testing is
needed to check out the existence of any “human
error”.

9.  The other factor is the vulnerability of the existing
security infrastructure to the new threats and exploits.
In recent years, the rate of arrival of new types of
threat and new exploits has been alarming with
respect to the information security context. This leads
to the need for periodical security testing by which the
vulnerability of the existing security infrastructure to
the growing number of threats and exploits can be
measured.

10.  There are two aspects of testing – compliance checking
and penetration testing.
 Compliance checking: In compliance checking, it is
seen whether the security infrastructure, that has been
implemented, matches the security policy of the
organization. A semi automated tool can be used to
match the policies with the existing infrastructure.

11.  Penetration testing: In penetration testing, it is seen
whether the existing security infrastructure of the
organization is sufficient to ward off all possible
security threats. Various automated and semi-
automated security tools like Retina, Nessus etc. are
available for penetration testing. They try and
penetrate the organization’s network and generate a
report on the vulnerabilities and threats that are
present in the network.

12.  Spam Relaying & Harvesting
 Data Leakage
 SQL Injection attacks
 Unsuccessful login attempts
 Weak Login forms