Secure business application logic for e-commerce systems

The major reason why most people are still sceptical about e-commerce is the perceived security and privacy risks associated with e-transactions, e.g., data, smart cards, credit cards and exchange of business information by means of online transactions. Today, vendors of e-commerce systems have relied solely on secure transaction protocols such as SSL, while ignoring the security of server and client software. This article, Secure Business Application Logic for e-commerce Systems, discusses a key weak link in e-commerce systems: the business application Logic. Although the security issues of the front-end and back-end software systems in e-commerce application warrant equal attention, but this research focuses on the Security of Middle Tier of e-commerce server that implements the business application logic and traditionally, e-commerce sites implemented the middle tier of software on the web server using CGI. We also present strategies for secure business application logic: good design and engineering, secure configuration, defensive programming and secure wrappers for server-side software. (c) 2004 Elsevier Ltd. All rights reserved.