It is difficult to secure every application in an e-commerce site. A better approach is to allow only specific, known applications to communicate through the network and to block everything else.
A common hacker technique is to plant an illicit server program on a host, where it acts as a Trojan horse. Once the hacker connects to that program and a session is established,
the hacker has full control over the host. Security at the application layer is implemented through application-level gateways known as proxy servers, which are discussed in a later module.
Designing for system security at the application level for an e-commerce system involves several key practices and principles to protect against threats and ensure data integrity, confidentiality, and availability. Here’s how a systems architect might approach this:
- Authentication and Authorization:
  - User Authentication: Implement strong user authentication mechanisms, such as multi-factor authentication (MFA), to verify the identity of users.
  - Role-Based Access Control (RBAC): Grant permissions based on user roles, so that users have access only to the resources and functions their role requires, and enforce those checks on the server for every request, not only in the user interface.
- Data Encryption:
  - Encryption in Transit: Use Transport Layer Security (TLS) for all traffic between client and server, so that data cannot be read or altered in transit by unauthorized parties.
  - Encryption at Rest: Encrypt sensitive stored data such as payment information and personal data. Passwords are the exception: do not encrypt them, but store them hashed with a slow, salted password hash (for example bcrypt, scrypt or Argon2), so that a leaked database does not yield the cleartext passwords.
- Input Validation and Sanitization:
  - Prevent SQL Injection: Validate input and use parameterized queries (prepared statements) or an ORM (Object-Relational Mapping) framework, so that user-supplied values reach the database as bound data and are never concatenated into the SQL text.
  - Cross-Site Scripting (XSS) Protection: Validate inputs, and encode output for the context in which it is rendered (HTML body, attribute, JavaScript, URL), especially for values reflected back to users. Input validation alone does not stop XSS; output encoding does.
- Secure API Design:
  - API Authentication: Use OAuth 2.0 tokens or API keys to authenticate callers and control access to APIs; treat keys as secrets and make them rotatable.
  - Rate Limiting: Limit requests per client or token to protect against denial-of-service (DoS) attacks and abuse of APIs, including password-guessing against the login endpoint.
  - Input Validation: APIs must validate and sanitize input just as the web front end does; an API that bypasses those checks is an injection path.
- Session Management:
  - Secure Session Tokens: Generate session tokens from a cryptographically secure random number generator, long enough that they cannot be guessed, and keep them only in cookies that page scripts cannot read (HttpOnly).
  - Session Expiration: Enforce both an idle timeout and an absolute lifetime, log users out after the inactivity period, and invalidate the server-side session on logout.
  - Secure Cookie Flags: Set the `Secure`, `HttpOnly`, and `SameSite` attributes on session cookies so they are sent only over TLS, are not exposed to script, and are not attached to cross-site requests.
- Logging and Monitoring:
  - Security Logging: Log all security-relevant events, such as failed login attempts, changes to access control lists, and suspicious activity, with a timestamp and the acting identity; never log secrets such as passwords, session tokens or full card numbers.
  - Real-time Monitoring: Set up real-time monitoring and alerting on those logs for unusual or suspicious behaviour that could indicate a security breach.
- Data Privacy and Compliance:
  - Compliance with Regulations: Ensure the system complies with the data protection regulations that apply to it, such as GDPR or CCPA for personal data and PCI DSS for payment card data.
  - Data Minimization: Collect and store only the data necessary for the operation of the system, so that a breach exposes as little as possible.
- Secure Code Practices:
  - Code Review and Testing: Conduct regular code reviews and use static analysis tools to identify and fix security vulnerabilities.
  - Security Testing: Perform penetration testing and run automated security testing tools to identify vulnerabilities before deployment.
- Patch Management:
  - Regular Updates: Keep all software, libraries, and dependencies current with security patches to close known vulnerabilities.
  - Dependency Management: Keep an inventory of third-party dependencies and monitor them for published vulnerabilities, so that they do not silently introduce risk.
- Incident Response Planning:
  - Incident Response Plan: Develop and maintain an incident response plan so that breaches and newly discovered vulnerabilities can be handled quickly.
  - Data Backup and Recovery: Take regular backups of critical data, keep them separate from the production systems, and test the recovery procedures so that the impact of an incident is minimized.
- User Education:
  - Security Awareness: Educate users and employees about security practices, such as recognizing phishing attempts and using strong, unique passwords.
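The SQL injection point in the list above, shown concretely. This is an added example and not code from the original module: the same product search is written twice against an in-memory SQLite database, once by concatenating the user's search term into the SQL text and once with a bound parameter. The table, its rows and the `published` flag are constructed sample data.

```python
# Added example, not code from the original module: the same product search
# written two ways against an in-memory SQLite database. search_vulnerable()
# concatenates the user's term into the SQL text; search_safe() binds it as a
# parameter. The table, rows and the "published" flag are constructed sample data.
import sqlite3

SAMPLE_PRODUCTS = [
    (1, "keyboard", 1),
    (2, "mouse", 1),
    (3, "internal-prototype", 0),  # unpublished: must never appear in results
]


def make_db():
    """Build the constructed sample catalogue in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, published INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """Injectable: `term` becomes part of the SQL statement itself."""
    sql = (
        "SELECT name FROM products "
        f"WHERE published = 1 AND name LIKE '%{term}%' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Parameterized: the driver hands `term` to SQLite as a bound value,
    so it is only ever compared against names and never parsed as SQL."""
    sql = "SELECT name FROM products WHERE published = 1 AND name LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


# A classic payload: closes the quoted string, appends an always-true
# condition, and comments out the rest of the statement (including the
# published = 1 restriction's effect), so every row is returned.
INJECTION = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("normal search  :", search_safe(db, "key"))
    print("vulnerable+inj :", search_vulnerable(db, INJECTION))  # leaks unpublished row
    print("safe+inj       :", search_safe(db, INJECTION))        # nothing matches
```

With the payload, the vulnerable query becomes `... AND name LIKE '%' OR 1=1 --%' ...`, which returns the unpublished row as well; the parameterized version treats the whole payload as a literal pattern and matches nothing. A term containing a single quote (such as `o'`) makes the vulnerable version raise a syntax error, which is itself a sign that input is reaching the SQL parser.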
By integrating these principles into the application design, a systems architect can help ensure that the e-commerce system is resilient against various security threats and protects sensitive data effectively.
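The session management items in the list above (random tokens, idle timeout, cookie attributes), as an added example that is not code from the original module. The cookie name, the 15-minute idle timeout and the in-memory dictionary are assumptions made for illustration; a real deployment would back the store with a database or cache.

```python
# Added example, not code from the original module: a minimal server-side
# session store with an idle timeout, plus the Set-Cookie value that carries
# the token with the Secure, HttpOnly and SameSite attributes. The cookie name,
# the 15-minute idle timeout and the in-memory dict are assumptions for
# illustration.
import secrets
import time

COOKIE_NAME = "session"          # assumed cookie name
IDLE_TIMEOUT = 15 * 60           # assumed policy: 15 minutes of inactivity


class SessionStore:
    def __init__(self):
        self._sessions = {}      # token -> {"user": str, "last_seen": float}

    def issue(self, user, now=None):
        """Create a session and return its token.

        The token is 32 bytes from the OS CSPRNG (256 bits), so it cannot be
        guessed or derived from the user name, the clock or a counter."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def lookup(self, token, now=None):
        """Return the user for a live session, or None.

        A session idle for longer than IDLE_TIMEOUT is removed server-side, so
        a stolen cookie stops working even if the browser still presents it."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]
            return None
        entry["last_seen"] = now             # sliding idle window
        return entry["user"]

    def revoke(self, token):
        """Logout: clearing the cookie on the client alone is not enough."""
        self._sessions.pop(token, None)


def set_cookie_header(token):
    """Build the Set-Cookie value for the session token.

    Secure: sent only over TLS.  HttpOnly: not readable by page scripts, so an
    XSS bug cannot exfiltrate it.  SameSite=Strict: not attached to requests
    initiated from other sites, which blunts cross-site request forgery."""
    return f"{COOKIE_NAME}={token}; Path=/; Secure; HttpOnly; SameSite=Strict"


def parse_cookie_header(header):
    """Pull the session token out of a request's Cookie header, if present."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME and value:
            return value
    return None


if __name__ == "__main__":
    store = SessionStore()
    t0 = 1_000_000.0                         # constructed clock values
    tok = store.issue("alice", now=t0)
    print(set_cookie_header(tok))
    print(store.lookup(tok, now=t0 + 600))                     # alice (within 15 min)
    print(store.lookup(tok, now=t0 + 600 + IDLE_TIMEOUT + 1))  # None (idle too long)
```

Because the token is looked up server-side, expiry and logout take effect immediately regardless of what the browser holds; an absolute lifetime can be added in the same way by storing the issue time alongside `last_seen`.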
Building an e-commerce website is an ongoing process.
The website, which is built from many forms of technology, constantly evolves as new forms of server-side scripting are introduced.
Security risks change as the site positions itself on the web and as the platform the site runs on becomes obsolete.
The different website configurations and approaches discussed in this module show that the network-level protection so many websites have relied on may not be enough.
When building a website we must survey the risks facing it from every angle. Not all websites face the same threats; many are just another collection of HTML pages in the vast cyberspace of the Internet. But websites that conduct business, hold information a malicious hacker would consider valuable, or express a political view are at higher risk than others. E-commerce websites often hold valuable information (credit card numbers or other private, personal data) and conduct business, and so sit in the high-risk group. Having recognized that a website is in the high-risk zone, we must consider the different types of security hazards:
- Denial of Service, including distributed denial of service (DDoS)
- Defacement (replacement of the content of a website, showing that it has been hacked)
- Data theft
- Fraud (data manipulation or actual theft)
While any of these attacks can cause loss of revenue, the defense against each is different. Since no single security product covers the full defensive spectrum an e-commerce website requires, choosing the right line of defense has become extremely difficult.
Security is a product that comes with a price tag. At first this seems obvious, since products such as firewalls and anti-virus software have known prices. However, the cost of ongoing security work, security updates for the software, and new website technologies cannot be calculated during initial installation planning. Eventually the website owner has to decide what level of security will be provided, weighing the current risks against the costs involved.
E-commerce sites often require custom software whose traffic must pass through the firewall. Understanding the architecture of each application that will be routed through the firewall (which ports and protocols it uses, and in which direction connections are opened) is necessary for proper firewall configuration. Common e-commerce TCP/IP applications are described in the table below.

| Application | Description |
|---|---|
| Telnet (TCP port 23) | Historically used for many purposes. Telnet gives you a command session on a remote computer as if you were sitting in front of it; once logged on, you can modify users, edit files (including HTML, CGI, and Java), and generally administer the site. It sends credentials and commands in cleartext, so it should not be allowed through the firewall; use SSH instead. |
| FTP (TCP port 21 control, plus a separate data connection) | Used for file transfers. The data connection is opened on a second port (active or passive mode), which the firewall must understand to pass FTP correctly; credentials are sent in cleartext. |
| HTTPS (HTTP over TLS, formerly SSL; TCP port 443) | Firewalls commonly block inbound traffic by default, and blocking this port breaks the entire e-commerce implementation; it must be explicitly allowed inbound to the web servers. |
| SSH (TCP port 22) | A secure, encrypted replacement for Telnet and UNIX-based remote login programs; restrict it to administrative source addresses. |
| Custom middleware | Includes Java servlets and applications built on Microsoft DNA, Netscape ONE, and Oracle NCA. Each uses its own ports and protocols, which must be identified before the firewall rules are written. |
| Legacy communications | Many older network systems may have to communicate across the firewall. |