SlideShare a Scribd company logo

Security Threats to Electronic Commerce

Download as PPTX, PDF
Darlene Enderez
Darlene Enderez

I take no credit with the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to part some knowledge. Ciao~ Thanks "Duarte"!

Business
1 of 15
Basirgo, Pulchra Mae Degamo, Dianne Faith Enderez, Darlene Fernandez, Angela Blanche Mutuc, Apple Rose Presented By: to ELECTRONIC COMMERCE
Client Threats Until the introduction of executable web content, Web pages were mainly static. Coded in HTML, static pages could do little more than display content and provide links to related pages with additional information. However, the widespread use of active content has changed this perception. 1.A.) Active Content 1.B.) Malicious Codes 1.C.) Server-side Masquerading
1.A.) Active Content Active content refers to programs that are embedded transparently in web pages and that cause action to occur. Active content can display moving graphics, download and play audio, or implement web-based spreadsheet programs. Active content is used in e-commerce to place items one wishes to purchase into a shopping cart and to compute the total invoice amount, including sales tax, handling, and shipping costs. The best known active content forms are Java applets, ActiveX controls, JavaScript, and VBScript. Embedding active content to web pages involved in e-commerce introduces several security risks. Malicious programs delivered quietly via web pages could reveal credit card numbers, usernames, and passwords that are frequently stored in special files called cookies. Because the internet is stateless and cannot remember a response from one web page view to another, cookies help solve the problem of remembering customer order information or usernames or passwords. Malicious active content delivered by means of cookies can reveal the contents of client-side files or even destroy files stored on client computers.
1.B.) Malicious Codes Computer viruses, worms and trojan horses are examples of malicious code. A trojan horse is a program which performs a useful function, but performs an unexpected action as well. Virus is a code segment which replicates by attaching copies to existing executable. A worm is a program which replicates itself and causes execution of the new copy. These can create havoc on the client side.
1.C.) Server-side Masquerading Masquerading lures a victim into believing that the entity with which it is communicating is a different entity. For example, if a user tries to log into a computer across the internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. This may be a passive attack (in which the user does not attempt to authenticate the recipient, but merely accesses it), but it is usually an active attack (in which the masquerader issues responses to mislead the user about its identity). BLAH BLAH BLAH BLAH B BLAHBLAH
Communication Channel Threats The internet serves as the electronic chain linking a consumer (client) to an e-commerce resource (commerce server). Messages on the internet travel a random path from a source node to a destination node. The message passes through a number of intermediate computers on the network before reaching the final destination. It is impossible to guarantee that every computer on the internet through which messages pass is safe, secure, and non-hostile. 2.A.) Confidentiality Threats 2.B.) Integrity Threats 2.C.) Availability Threats
2.A.) Confidentiality Threats Confidentiality is the prevention of unauthorized information disclosure. Breaching confidentiality on the internet is not difficult. Suppose one logs onto a website. When one fills out those text boxes and clicks the submit button, the information is sent to the web-server for processing. One popular method of transmitting data to a web- server is to collect the text box responses and place them at the end of the target server’s URL. The captured data and the HTTP request to send the data to the server is then sent. Now, suppose the user changes his mind, decides not to wait for a response from the server, and jumps to another website instead. Confidentiality by recording the secret information the user has just entered.
2.B.) Integrity Threats An integrity threat exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions are subject to integrity violations. Cyber vandalism is an example of an integrity violation. Cyber vandalism is the electronic defacing of an existing website page. Masquerading or spoofing – pretending to be someone you are not or representing a website as an original when it really is a fake – is one means of creating havoc on websites. Using a security hole in a domain name server (DNS), perpetrators can substitute the address of their website in place of the real one to spoof website visitors. Integrity threats can alter vital financial, medical, or military information. It can have very serious consequences for businesses and people.
2.C.) Availability Threats The purpose of availability threats, also known as delay or denial threats, is to disrupt normal computer processing or to deny processing entirely. For example, if the processing speed of a single ATM machine transaction slows from one or two seconds to 30 seconds, users will abandon ATM machines entirely. Similarly, slowing any internet service will drive customers to competitors’ web or commerce sites.
Server Threats The server is the third link in the client-internet-server trio embodying the e-commerce path between the user and a commerce server. Servers have vulnerabilities that can be exploited by anyone determined to cause destruction or to illegally acquire information. 3.A.) Web-server Threats 3.B.) Commerce server Threats 3.C.) Database Threats 3.D.) Common Gateway Interface Threats 3.E.) Password Hacking
3.A.) Web-server Threats Web-server software is designed to deliver web pages by responding to HTTP requests. While web- server software is not inherently high-risk, it has been designed with web service and convenience as the main design goal. The more complex the software is, the higher the probability that it contains coding errors (bugs) and security holes – security weaknesses that provide openings through which evildoers can enter.
3.B.) Commerce Server Threats The commerce server, along with the web-server, responds to requests from web browsers through the HTTP protocol and CGI scripts. Several pieces of software comprise the commerce server software suite, including an FTP server, a mail server, a remote login server, and operating systems on host machines. Each of this software can have security holes and bugs.
3.C.) Database Threats E-commerce systems store user data and retrieve product information from databases connected to the web- server. Besides product information, databases connected to the web contain valuable and private information that could irreparably damage a company if it were disclosed or altered. Some databases store username/password pairs in a non- secure way. If someone obtains user authentication information, then he or she can masquerade as a legitimate database user and reveal private and costly information.
3.D.) Common Gateway Interface Threats A common gateway interface (CGI) implements the transfer of information from a web-server to another program, such as a database program. CGI and the programs to which they transfer data provide active content to web pages. Because CGIs are programs, they present a security threat if misused. Just like web-servers, CGI scripts can be set up to run with their privileges set to high – unconstrained. Defective or malicious CGIs with free access to system resources are capable of disabling the system, calling privileged (and dangerous) base system programs that delete files, or viewing confidential customer information, including usernames and passwords.
3.E.) Password Hacking The simplest attack against a password- based system is to guess passwords. Guessing of passwords requires that access to the complement, the complementation functions, and the authentication functions be obtained. If none of these have changed by the time the password is guessed, then the attacker can use the password to access the system

Recommended

E Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesE Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesInderjeet Singh
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Security Threats in E-Commerce
Security Threats in E-CommerceSecurity Threats in E-Commerce
Security Threats in E-CommerceDattatreya Reddy Peram
 
E commerce
E commerceE commerce
E commerceGBC
 
Security environment
Security environmentSecurity environment
Security environmentJay Choudhary
 
Issues and challenges in e-business
Issues and challenges in e-businessIssues and challenges in e-business
Issues and challenges in e-businessNishant Pahad
 
Business to Business Electronic Commerce
Business to Business Electronic Commerce Business to Business Electronic Commerce
Business to Business Electronic Commerce Nurhazman Abdul Aziz
 
History of E commerce- Brief History
History of E commerce- Brief HistoryHistory of E commerce- Brief History
History of E commerce- Brief HistoryJustine Therese Zamora
 

Recommended

E Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesE Commerce -Security Threats and Challenges
E Commerce -Security Threats and ChallengesInderjeet Singh
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Security Threats in E-Commerce
Security Threats in E-CommerceSecurity Threats in E-Commerce
Security Threats in E-CommerceDattatreya Reddy Peram
 
E commerce
E commerceE commerce
E commerceGBC
 
Security environment
Security environmentSecurity environment
Security environmentJay Choudhary
 
Issues and challenges in e-business
Issues and challenges in e-businessIssues and challenges in e-business
Issues and challenges in e-businessNishant Pahad
 
Business to Business Electronic Commerce
Business to Business Electronic Commerce Business to Business Electronic Commerce
Business to Business Electronic Commerce Nurhazman Abdul Aziz
 
History of E commerce- Brief History
History of E commerce- Brief HistoryHistory of E commerce- Brief History
History of E commerce- Brief HistoryJustine Therese Zamora
 
1 introduction to e commerce
1 introduction to e commerce1 introduction to e commerce
1 introduction to e commercesajid ullah
 
E commerce ( A to Z )
E commerce ( A to Z )E commerce ( A to Z )
E commerce ( A to Z )Alireza (علیرضا کاربر) Karbor
 
laudon-traver_ec13_ppt_ch12(2).pptx
laudon-traver_ec13_ppt_ch12(2).pptxlaudon-traver_ec13_ppt_ch12(2).pptx
laudon-traver_ec13_ppt_ch12(2).pptxAnjLegaspi1
 
E COMMERCE
E COMMERCEE COMMERCE
E COMMERCEHarshSingla29
 
e-Commerce
e-Commercee-Commerce
e-CommerceIranna Teggi
 
Ecommerce presentation
Ecommerce presentationEcommerce presentation
Ecommerce presentationpooja singla
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertisingmonchai sopitka
 
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISINGCHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISINGShadina Shah
 
Challenges of E-commerce
Challenges of E-commerceChallenges of E-commerce
Challenges of E-commerceijtsrd
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 
EDI
EDI EDI
EDIPratap Tirkey
 
E Commerce Presentation
E Commerce PresentationE Commerce Presentation
E Commerce PresentationTylerjd
 
E commerce and its applications
E commerce and its applications E commerce and its applications
E commerce and its applications ksingh777
 
E commerce-1,2
E commerce-1,2E commerce-1,2
E commerce-1,2HEENA PRUTHI
 
An introduction to E-Commerce
An introduction to E-CommerceAn introduction to E-Commerce
An introduction to E-CommerceAnubha .
 
Ecommerce
EcommerceEcommerce
EcommerceNiyati Mehta
 
Payment gateways
Payment gateways Payment gateways
Payment gateways NiyasudheenAK
 
Chapter 5 tech in e commerce
Chapter 5 tech in e commerceChapter 5 tech in e commerce
Chapter 5 tech in e commerceMarya Sholevar
 
Social Media
Social MediaSocial Media
Social MediaAndrewNangle1
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computingMd. Hasibur Rashid
 

More Related Content

What's hot

1 introduction to e commerce
1 introduction to e commerce1 introduction to e commerce
1 introduction to e commercesajid ullah
 
laudon-traver_ec13_ppt_ch12(2).pptx
laudon-traver_ec13_ppt_ch12(2).pptxlaudon-traver_ec13_ppt_ch12(2).pptx
laudon-traver_ec13_ppt_ch12(2).pptxAnjLegaspi1
 
Ecommerce presentation
Ecommerce presentationEcommerce presentation
Ecommerce presentationpooja singla
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertisingmonchai sopitka
 
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISINGCHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISINGShadina Shah
 
Challenges of E-commerce
Challenges of E-commerceChallenges of E-commerce
Challenges of E-commerceijtsrd
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 
E Commerce Presentation
E Commerce PresentationE Commerce Presentation
E Commerce PresentationTylerjd
 
E commerce and its applications
E commerce and its applications E commerce and its applications
E commerce and its applications ksingh777
 
An introduction to E-Commerce
An introduction to E-CommerceAn introduction to E-Commerce
An introduction to E-CommerceAnubha .
 
Chapter 5 tech in e commerce
Chapter 5 tech in e commerceChapter 5 tech in e commerce
Chapter 5 tech in e commerceMarya Sholevar
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commercesadaf tst
 

What's hot (20)

1 introduction to e commerce
1 introduction to e commerce1 introduction to e commerce
1 introduction to e commerce
 
E commerce ( A to Z )
E commerce ( A to Z )E commerce ( A to Z )
E commerce ( A to Z )
 
laudon-traver_ec13_ppt_ch12(2).pptx
laudon-traver_ec13_ppt_ch12(2).pptxlaudon-traver_ec13_ppt_ch12(2).pptx
laudon-traver_ec13_ppt_ch12(2).pptx
 
E COMMERCE
E COMMERCEE COMMERCE
E COMMERCE
 
e-Commerce
e-Commercee-Commerce
e-Commerce
 
Ecommerce presentation
Ecommerce presentationEcommerce presentation
Ecommerce presentation
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertising
 
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISINGCHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
CHAPTER 6 E-COMMERCE MARKETING AND ADVERTISING
 
Challenges of E-commerce
Challenges of E-commerceChallenges of E-commerce
Challenges of E-commerce
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 
EDI
EDI EDI
EDI
 
E Commerce Presentation
E Commerce PresentationE Commerce Presentation
E Commerce Presentation
 
E commerce and its applications
E commerce and its applications E commerce and its applications
E commerce and its applications
 
E commerce-1,2
E commerce-1,2E commerce-1,2
E commerce-1,2
 
An introduction to E-Commerce
An introduction to E-CommerceAn introduction to E-Commerce
An introduction to E-Commerce
 
Ecommerce
EcommerceEcommerce
Ecommerce
 
Payment gateways
Payment gateways Payment gateways
Payment gateways
 
Chapter 5 tech in e commerce
Chapter 5 tech in e commerceChapter 5 tech in e commerce
Chapter 5 tech in e commerce
 
Social Media
Social MediaSocial Media
Social Media
 
Security issues in e commerce
Security issues in e commerceSecurity issues in e commerce
Security issues in e commerce
 

Similar to Security Threats to Electronic Commerce

The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computingMd. Hasibur Rashid
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxjoellemurphey
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanismCAS
 
cryptography .pptx
cryptography .pptxcryptography .pptx
cryptography .pptxRRamyaDevi
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityNeeraj Negi
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02mark scott
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyHaider Ali Malik
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service AttackStephanie Williams
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docpraveena06
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacksijdmtaiir
 

Similar to Security Threats to Electronic Commerce (20)

The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security Providers
 
Security challenges of cloud computing
Security challenges of cloud computingSecurity challenges of cloud computing
Security challenges of cloud computing
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docxRisk and Threat Assessment Report Anthony WolfBSA 5.docx
Risk and Threat Assessment Report Anthony WolfBSA 5.docx
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanism
 
Website Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your WebsiteWebsite Security: A Guide to Defending Your Website
Website Security: A Guide to Defending Your Website
 
cryptography .pptx
cryptography .pptxcryptography .pptx
cryptography .pptx
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network security
Network securityNetwork security
Network security
 
Ethical Hacking and Cyber Security
Ethical Hacking and Cyber SecurityEthical Hacking and Cyber Security
Ethical Hacking and Cyber Security
 
Sip 140208055023-phpapp02
Sip 140208055023-phpapp02Sip 140208055023-phpapp02
Sip 140208055023-phpapp02
 
Recent cyber Attacks
Recent cyber AttacksRecent cyber Attacks
Recent cyber Attacks
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
 
V1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.docV1_I2_2012_Paper4.doc
V1_I2_2012_Paper4.doc
 
Detection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service AttacksDetection of Distributed Denial of Service Attacks
Detection of Distributed Denial of Service Attacks
 
IBPS SO
IBPS SOIBPS SO
IBPS SO
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 

Recently uploaded

8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCRalexsharmaa01
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524najka9823
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 

Recently uploaded (20)

8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524Call Girls Contact Number Andheri 9920874524
Call Girls Contact Number Andheri 9920874524
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 

Security Threats to Electronic Commerce

  • 1. Basirgo, Pulchra Mae Degamo, Dianne Faith Enderez, Darlene Fernandez, Angela Blanche Mutuc, Apple Rose Presented By: to ELECTRONIC COMMERCE
  • 2. Client Threats Until the introduction of executable web content, Web pages were mainly static. Coded in HTML, static pages could do little more than display content and provide links to related pages with additional information. However, the widespread use of active content has changed this perception. 1.A.) Active Content 1.B.) Malicious Codes 1.C.) Server-side Masquerading
  • 3. 1.A.) Active Content Active content refers to programs that are embedded transparently in web pages and that cause action to occur. Active content can display moving graphics, download and play audio, or implement web-based spreadsheet programs. Active content is used in e-commerce to place items one wishes to purchase into a shopping cart and to compute the total invoice amount, including sales tax, handling, and shipping costs. The best known active content forms are Java applets, ActiveX controls, JavaScript, and VBScript. Embedding active content to web pages involved in e-commerce introduces several security risks. Malicious programs delivered quietly via web pages could reveal credit card numbers, usernames, and passwords that are frequently stored in special files called cookies. Because the internet is stateless and cannot remember a response from one web page view to another, cookies help solve the problem of remembering customer order information or usernames or passwords. Malicious active content delivered by means of cookies can reveal the contents of client-side files or even destroy files stored on client computers.
  • 4. 1.B.) Malicious Codes Computer viruses, worms and trojan horses are examples of malicious code. A trojan horse is a program which performs a useful function, but performs an unexpected action as well. Virus is a code segment which replicates by attaching copies to existing executable. A worm is a program which replicates itself and causes execution of the new copy. These can create havoc on the client side.
  • 5. 1.C.) Server-side Masquerading Masquerading lures a victim into believing that the entity with which it is communicating is a different entity. For example, if a user tries to log into a computer across the internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. This may be a passive attack (in which the user does not attempt to authenticate the recipient, but merely accesses it), but it is usually an active attack (in which the masquerader issues responses to mislead the user about its identity). BLAH BLAH BLAH BLAH B BLAHBLAH
  • 6. Communication Channel Threats The internet serves as the electronic chain linking a consumer (client) to an e-commerce resource (commerce server). Messages on the internet travel a random path from a source node to a destination node. The message passes through a number of intermediate computers on the network before reaching the final destination. It is impossible to guarantee that every computer on the internet through which messages pass is safe, secure, and non-hostile. 2.A.) Confidentiality Threats 2.B.) Integrity Threats 2.C.) Availability Threats
  • 7. 2.A.) Confidentiality Threats Confidentiality is the prevention of unauthorized information disclosure. Breaching confidentiality on the internet is not difficult. Suppose one logs onto a website. When one fills out those text boxes and clicks the submit button, the information is sent to the web-server for processing. One popular method of transmitting data to a web- server is to collect the text box responses and place them at the end of the target server’s URL. The captured data and the HTTP request to send the data to the server is then sent. Now, suppose the user changes his mind, decides not to wait for a response from the server, and jumps to another website instead. Confidentiality by recording the secret information the user has just entered.
  • 8. 2.B.) Integrity Threats An integrity threat exists when an unauthorized party can alter a message stream of information. Unprotected banking transactions are subject to integrity violations. Cyber vandalism is an example of an integrity violation. Cyber vandalism is the electronic defacing of an existing website page. Masquerading or spoofing – pretending to be someone you are not or representing a website as an original when it really is a fake – is one means of creating havoc on websites. Using a security hole in a domain name server (DNS), perpetrators can substitute the address of their website in place of the real one to spoof website visitors. Integrity threats can alter vital financial, medical, or military information. It can have very serious consequences for businesses and people.
  • 9. 2.C.) Availability Threats The purpose of availability threats, also known as delay or denial threats, is to disrupt normal computer processing or to deny processing entirely. For example, if the processing speed of a single ATM machine transaction slows from one or two seconds to 30 seconds, users will abandon ATM machines entirely. Similarly, slowing any internet service will drive customers to competitors’ web or commerce sites.
  • 10. Server Threats The server is the third link in the client-internet-server trio embodying the e-commerce path between the user and a commerce server. Servers have vulnerabilities that can be exploited by anyone determined to cause destruction or to illegally acquire information. 3.A.) Web-server Threats 3.B.) Commerce server Threats 3.C.) Database Threats 3.D.) Common Gateway Interface Threats 3.E.) Password Hacking
  • 11. 3.A.) Web-server Threats Web-server software is designed to deliver web pages by responding to HTTP requests. While web- server software is not inherently high-risk, it has been designed with web service and convenience as the main design goal. The more complex the software is, the higher the probability that it contains coding errors (bugs) and security holes – security weaknesses that provide openings through which evildoers can enter.
  • 12. 3.B.) Commerce Server Threats The commerce server, along with the web-server, responds to requests from web browsers through the HTTP protocol and CGI scripts. Several pieces of software comprise the commerce server software suite, including an FTP server, a mail server, a remote login server, and operating systems on host machines. Each of this software can have security holes and bugs.
  • 13. 3.C.) Database Threats E-commerce systems store user data and retrieve product information from databases connected to the web- server. Besides product information, databases connected to the web contain valuable and private information that could irreparably damage a company if it were disclosed or altered. Some databases store username/password pairs in a non- secure way. If someone obtains user authentication information, then he or she can masquerade as a legitimate database user and reveal private and costly information.
  • 14. 3.D.) Common Gateway Interface Threats A common gateway interface (CGI) implements the transfer of information from a web-server to another program, such as a database program. CGI and the programs to which they transfer data provide active content to web pages. Because CGIs are programs, they present a security threat if misused. Just like web-servers, CGI scripts can be set up to run with their privileges set to high – unconstrained. Defective or malicious CGIs with free access to system resources are capable of disabling the system, calling privileged (and dangerous) base system programs that delete files, or viewing confidential customer information, including usernames and passwords.
  • 15. 3.E.) Password Hacking The simplest attack against a password- based system is to guess passwords. Guessing of passwords requires that access to the complement, the complementation functions, and the authentication functions be obtained. If none of these have changed by the time the password is guessed, then the attacker can use the password to access the system