E-Commerce and Database Security

Organization
I. Introduction
II. Background Information
III. Motivation
IV. Research
− Strong Passwords System
− SQL Injections
− Denial of Service Attacks
− Encryption
V. Our Application
VI. Conclusion and Future Works
VII. References

Motivation
Consumers enter their personal, private information online on a daily basis and expect it to be protected.
− i.e. banking, purchasing, etc.
Secure application development is vital because potential users need to feel comfortable and confident when entering confidential information.
Attackers can use the information gathered in malicious ways, causing weak applications to gain a poor reputation.

Passwords
Background: passwords are used on a regular basis, and although some systems are becoming more complex, more needs to be done.
Password cracking research → areas of weakness
Normal requirements:
− 8 - 12 characters in length
− At least one of each of the following:
  − Letter (at least 1 uppercase and 1 lowercase)
  − Number
  − Special character

Passwords
Suggestions: avoid using your username, common personal information, or common dictionary words.
− These account for 24% of the cracked passwords
Automated password checker
− Negative: time and resources necessary to implement
Admins should be held to a higher standard since there is more risk if their accounts are compromised.
SQL Injection Prevention
Input validation through regular expressions
Example from program in Java:

Denial-of-Service (DoS) Attacks
Background: threatens the availability of the system to a user; the attacker sends more requests than the system can handle.
Distributed attacks occur in 4 phases:
− Phase 1 - find a vulnerability
− Phase 2 - spread the virus
− Phase 3 - send requests
− Phase 4 - system crashes

DoS Attacks Prevention
Prevention:
− System security: firewall filtering, antivirus software and patch updates
− Resource multiplication mechanisms: diversify network location, cluster of servers with load balancing capabilities

Conclusions
Security for web-based applications is essential because there are so many ways an application can be exploited and the consequences can be severe.
Input validation is necessary because it will not only protect against SQL injections, but also other injection-based security risks such as XSS.
Password protection is basic, but its value can be overlooked.

Future Works
Continue research on building a secure web application
Complete our application by applying our additional security
− Not just what we researched
Continue research on the proactive password checker
− Are the time and resources it takes worth the value it could provide?
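The SQL Injection Prevention slide refers to a Java listing that is not reproduced in this text. The following is an added example (not the slides' own code) that shows, in Python with an in-memory SQLite table, the same idea: an allow-list regular expression rejects unexpected input before it reaches the query, and the query binds the value as a parameter rather than concatenating it into the SQL text. The username pattern and the sample rows are assumptions constructed for the example.

```python
import re
import sqlite3

# Allow-list pattern for a username: letters, digits or underscore, 3-20 chars.
# Assumed policy for this example; the slides' Java pattern is not shown.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,20}$")


def is_valid_username(value: str) -> bool:
    """Input validation through a regular expression: anything outside
    the allow-list (quotes, spaces, comment markers, ...) is rejected."""
    return USERNAME_RE.fullmatch(value) is not None


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory sample table standing in for a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The defect the slides warn about: the input is pasted into the SQL
    text, so a quote in the input changes the meaning of the statement."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    """Validate first, then bind the value as a parameter. Even if the
    regex were loosened later, a bound value is never parsed as SQL."""
    if not is_valid_username(username):
        raise ValueError("username rejected by input validation")
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = setup_db()
    print(lookup_vulnerable(db, "alice"))      # ['alice']
    print(lookup_hardened(db, "alice"))        # ['alice']
    print(is_valid_username("x' OR '1'='1"))   # False: rejected before any query
```

Run against the constructed table, the concatenated query returns every user when given a quoted input, while the hardened path rejects that input outright and, for valid input, returns only the matching row.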