Question: Consider an online shopping site; identify vulnerability, threat and attack

Subject: System Web Security

Topic: Introduction To Computer Security

Difficulty: Medium

modified 14 months ago by nirajsingh242 • written 16 months ago by awari.swati831

Ideal online shopping system

(A) Vulnerability: "simply refers to the weakness in the system"

The following are the vulnerabilities that have been discovered in online shopping systems (shopping cart and online payment systems):

1) SQL Injection: SQL injection refers to the insertion of SQL meta-characters in user input, such that the attacker's queries are executed by the back-end database. Typically, attackers will first determine if a site is vulnerable to such an attack by sending in the single-quote (') character.

2) Price Manipulation: This is a vulnerability that is almost completely unique to online shopping carts and payment gateways. In the most common occurrence of this vulnerability, the total payable price of the purchased goods is stored in a hidden HTML field of a dynamically generated web page.

3) Buffer overflows: Buffer overflow vulnerabilities are not very common in shopping cart or other web applications using Perl, PHP, ASP, etc. However, sending in a large number of bytes to web applications that are not geared to deal with them can have unexpected consequences.

4) Weak Authentication and Authorization: Authentication mechanisms that do not prohibit multiple failed logins can be attacked using tools such as Brutus. Similarly, if the web site uses HTTP Basic Authentication or does not pass session IDs over SSL (Secure Sockets Layer), an attacker can sniff the traffic to discover the user's authentication and/or authorization credentials.

(B) Threat: "a potential cause of an unwanted incident, which may result in harm to a system or organization."

The following are the threats that have been discovered in online shopping systems:

1) Fake Online Stores: The internet is full of fake online stores that trick people into purchasing fake products. These products will never be delivered to them. These fake online stores throw lucrative offers that are difficult to ignore, luring customers into buying products that they will never receive. There are many instances of this happening.

2) Credit Card Fraud: This is one of the biggest disadvantages of online shopping. There are many malicious users that intercept online stores at the payment portal. You would select the items you want to buy and then when you make the payment, you are redirected to the malicious user’s website rather than the legitimate payment gateway. It looks identical to your merchant gateway, and you reveal your credit card information.

3) Information Shared Unencrypted: When shopping online, you must have noticed that there’s a lock symbol in the address bar on websites like Amazon. This symbol denotes that the website uses a secure protocol to share your information in an encrypted manner so that anyone monitoring the traffic cannot view it.

(C) Attacks: "attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset"

The following are the attacks that have been discovered in online shopping systems:

1) Dictionary: This attack helps an attacker to get or guess the password of a user.

2) Salami: This attack helps an attacker to get money added into the attacker's account.

3) Session hijacking: This attack helps an attacker to get a benefit and try to harm a user financially.

4) Phishing: This attack helps an attacker to get details: password, credit/debit card details.

written 14 months ago by nirajsingh242
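
Added example, not part of the original answer: a checkout total computed the weak way (trusting the hidden HTML field described under Price Manipulation) beside a hardened version that recomputes the total from a server-side catalogue using a parameterized query, which also addresses the SQL Injection item. The table, field and function names and the sample form are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample catalogue; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER NOT NULL)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("BOOK-1", 1999), ("LAMP-7", 4550)])
    return db

def total_trusting_client(form):
    """Weak: charges whatever the hidden 'total_cents' form field says."""
    return int(form["total_cents"])

def total_server_side(db, form):
    """Hardened: ignores any client-supplied price and recomputes from the catalogue."""
    total = 0
    for sku, qty_raw in form["items"]:
        qty = int(qty_raw)  # non-numeric input raises ValueError
        if not 1 <= qty <= 100:  # upper bound of 100 is an assumed business rule
            raise ValueError(f"quantity out of range for {sku!r}")
        # Parameterized query: the SKU is bound as data and never spliced
        # into the SQL text, so quote characters cannot alter the statement.
        row = db.execute(
            "SELECT price_cents FROM products WHERE sku = ?", (sku,)
        ).fetchone()
        if row is None:
            raise ValueError(f"unknown product {sku!r}")
        total += row[0] * qty
    return total

# Constructed form submission in which the hidden total was edited client-side.
TAMPERED_FORM = {
    "items": [("BOOK-1", "2"), ("LAMP-7", "1")],
    "total_cents": "1",
}

if __name__ == "__main__":
    db = make_db()
    print("trusting hidden field:", total_trusting_client(TAMPERED_FORM))
    print("recomputed on server: ", total_server_side(db, TAMPERED_FORM))
```

The hidden field can still be sent to the browser for display; the point is that the amount charged comes only from data the server controls.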