Slideshow uploaded by: talisa
MSS*: Chapter 3Shopping carts & Payment gateways

* McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking: attacks and defense. Addison Wesley. 2003.

Evolution of Shopping
  • Farmers’ market → Store shopping → Supermarket → Catalog shopping
  • → On-line shopping: combines the experience of both in-store shopping and catalog shopping

+ Web-based applications offer more interactivity and multimedia presentation than a printed catalog.

+ Web-based applications typically provide searching capabilities, which are not available in the traditional in-store shopping or catalog shopping.

+ Web-based applications can be tailored to different shopping styles → a “no-pressure” shopping experience

Q: Are there any drawbacks or specific requirements?

Web Security

Evolution of Shopping
  • What are the factors that may drive potential customers away from web-based shopping?
    • Is concern over security real?
    • Ease of use
    • Anything else?

E-commerce model

E-commerce model
  • Characteristics:
    • A web portal represents the company’s web identity.
    • The portal serves as an entry into the electronic store.
    • A web site hosting multiple applications that interact with an array of servers (other web sites, financial processing, transaction processing, back-end databases, etc.)
  • Q: What makes an e-commerce business different from a computerized retail business?

E-commerce model
  • An exercise: The e-commerce model diagram is not really an ER diagram. Modify/refine the model and turn it into a real ER or EER diagram.
  • Hint: Add relationships
  • Part of your project: preliminary design

E-commerce model
  • The need for peer-to-peer communications
  • An extranet is an inter-network linking different companies’ internal networks.
  • What are the requirements of an inter-company web-based application?
    • Trust!
    • Authentication
    • Non-repudiation
    • Anything else?
  • → Web services

Web Services
  • Multi-party Web services

E-shopping cart systems
  • Uses of an e-shopping cart:
    • Temporarily stores what the customer has picked;
    • Provides a summary of the items (prices, S&H cost, etc.) in the cart when needed (per the customer’s request or at the time of checkout);
    • The customer may replace items in the cart until the transaction is finalized.

E-shopping cart systems
  • The e-shopping cart application forms the heart of the e-shopping application.
  • It binds the customer, the product catalog, the inventory system, and the payment system together.

E-shopping cart systems
  • Implementation requirements:
    • Accuracy: It correctly records what the customer has picked and changed.
    • Flexibility: It allows the customer to freely replace items in the cart.
    • Integration: with the product catalog, the inventory system, and the payment gateway.
    • Integrity: No tampering of the cart’s content, whether by malicious 3rd party or programming errors (e.g., across two different carts)

E-shopping cart systems
  • Components:
    • Session management
    • Product catalog application
    • Payment gateway
    • Back-end databases (e.g., product inventory, customer information)

E-shopping cart systems
  • Sample problems with insecure shopping carts:
    • Remote command execution over HTTP
    • Unprotected sensitive information retrievable via HTTP
    • Improper or no ‘input sanitization’ → results in remote command execution
    • Modified hidden HTML form fields
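The last bullet, shown as an added Python example that is not from the slides or from the book they cite: a checkout handler that trusts the `price` hidden field the browser sends back, beside one that ignores client prices, recomputes the total from the server-side catalog, and treats a client price that disagrees with the catalog as a tamper signal worth logging. `CATALOG`, the SKUs and the two form dicts are constructed stand-ins for the product database and a parsed POST body.

```python
"""Hidden-field price tampering: vulnerable total vs. server-side recomputation.

Constructed example. CATALOG and the request dicts are made up; they stand in for
the product catalog database and a parsed POST body from the checkout form.
"""
from decimal import Decimal

# Constructed catalog: the server's authoritative price list (a database in practice).
CATALOG = {
    "SKU-100": {"name": "Headphones", "price": Decimal("59.99")},
    "SKU-200": {"name": "USB cable", "price": Decimal("7.50")},
}


def vulnerable_total(form):
    """Trusts the 'price' hidden field the browser sent back.

    The field was written into the HTML by the server, but the client controls
    what comes back, so whoever submits the form controls the total.
    """
    total = Decimal("0")
    for item in form["items"]:
        total += Decimal(item["price"]) * int(item["qty"])
    return total


class TamperedCart(Exception):
    """Raised when the submitted cart cannot have come from the form we served."""


def hardened_total(form):
    """Ignores client-supplied prices: looks every SKU up server-side, bounds the
    quantity, and rejects the request outright when the client's price field
    disagrees with the catalog (log that; it does not happen by accident)."""
    total = Decimal("0")
    for item in form["items"]:
        sku = item["sku"]
        if sku not in CATALOG:
            raise TamperedCart(f"unknown SKU {sku!r}")
        qty = int(item["qty"])
        if not 1 <= qty <= 99:
            raise TamperedCart(f"bad quantity {qty} for {sku}")
        price = CATALOG[sku]["price"]
        if "price" in item and Decimal(item["price"]) != price:
            raise TamperedCart(f"client price {item['price']} != catalog {price} for {sku}")
        total += price * qty
    return total


def detect_tampering(form):
    """True if the hardened handler would reject this submission."""
    try:
        hardened_total(form)
    except TamperedCart:
        return True
    return False


# Constructed requests: an honest checkout, and one where the hidden price was edited.
HONEST_FORM = {"items": [{"sku": "SKU-100", "qty": "1", "price": "59.99"},
                         {"sku": "SKU-200", "qty": "2", "price": "7.50"}]}
TAMPERED_FORM = {"items": [{"sku": "SKU-100", "qty": "1", "price": "0.01"}]}

if __name__ == "__main__":
    print("vulnerable, honest form:  ", vulnerable_total(HONEST_FORM))
    print("vulnerable, tampered form:", vulnerable_total(TAMPERED_FORM))
    print("hardened, honest form:    ", hardened_total(HONEST_FORM))
    print("hardened, tampered form rejected:", detect_tampering(TAMPERED_FORM))
```

The hardened version still accepts a `price` field if the form carries one, but only as a consistency check; the total never depends on it. Dropping the field from the form entirely is simpler still, and the same rule applies to any other hidden field that influences money or identity (shipping cost, discount code, customer id).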

Payment processing system
  • The checkout process:
    • Finalize the order
    • Choose method of payment
    • Verify the chosen payment method
    • Log all transactions
    • Fulfill the order
    • Generate a receipt

Payment processing system
  • The payment gateway interface: Figure next page
    • Interacts with the order information page, the back-end databases, and the payment gateway
    • Provided by the institution that hosts the payment gateway (e.g., Verisign or PayPal)
    • Integrated into the e-shopping application and invoked by the electronic storefront app.
    • SSL-encrypted interface with the payment gateway (Q: how about the interfaces with the other components?)

Payment processing system
  • Payment system implementation issues:
    • Never trust “sensitive” data passed from the client side. Why?
    • Do not store temporary info within the Web server’s document folder. Why?
    • Temporary info should be destroyed after its use.
    • Use SSL to encrypt communication links. Why?
    • Carefully protect user profiles!
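The second and third bullets, as an added Python example (not from the slides): a store for the order details that sit between “finalize the order” and “verify the chosen payment method”. It refuses a directory that lies under the document root, names each record by a random token, creates the file with mode 0600, and deletes the record the first time it is read or when it has expired. `DOCROOT`, the storage directory, the TTL and the order contents are assumptions.

```python
"""Temporary checkout data kept outside the web root and destroyed after one use.

Constructed example. DOCROOT and the pending-order directory are assumptions;
the order dict stands in for whatever the storefront carries into payment.
"""
import json
import os
import secrets
import tempfile
import time
from pathlib import Path

# Assumption: the web server serves static files from here. Anything written
# below this path is one URL away from being downloaded by anyone.
DOCROOT = Path("/var/www/html")


def is_under_docroot(path, docroot=DOCROOT):
    """True if `path` is the document root or lies inside it."""
    p = Path(path).resolve()
    d = Path(docroot).resolve()
    return p == d or d in p.parents


class PendingOrderStore:
    """Holds an order between 'finalize' and 'verify payment'.

    - Refuses to live under the document root.
    - Records are keyed by a 256-bit random token and created with mode 0600.
    - consume() returns a record once and deletes it; expired records are
      deleted and reported as missing.
    """

    def __init__(self, directory, ttl_seconds=900):
        self.directory = Path(directory)
        if is_under_docroot(self.directory):
            raise ValueError(f"{self.directory} is inside the web root; refusing")
        self.directory.mkdir(mode=0o700, parents=True, exist_ok=True)
        self.ttl = ttl_seconds

    def _path(self, token):
        # Only tokens we minted are hex of this length; anything else (including
        # path fragments) never reaches the filesystem.
        if len(token) != 64 or any(c not in "0123456789abcdef" for c in token):
            return None
        return self.directory / f"{token}.json"

    def put(self, order):
        token = secrets.token_hex(32)
        record = {"created": time.time(), "order": order}
        # O_EXCL: never overwrite or follow a pre-existing file of the same name.
        fd = os.open(self._path(token), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(record, f)
        return token

    def consume(self, token):
        path = self._path(token)
        if path is None or not path.exists():
            return None
        try:
            with open(path) as f:
                record = json.load(f)
        finally:
            path.unlink(missing_ok=True)  # destroyed after use, even if parsing failed
        if time.time() - record["created"] > self.ttl:
            return None
        return record["order"]


def demo():
    """Round-trip through a throwaway directory; returns what was observed."""
    store = PendingOrderStore(tempfile.mkdtemp(prefix="pending-"))
    token = store.put({"sku": "SKU-100", "qty": 1, "total": "59.99"})  # constructed order
    first = store.consume(token)
    second = store.consume(token)  # already destroyed
    try:
        PendingOrderStore(DOCROOT / "tmp")
        rejected_docroot = False
    except ValueError:
        rejected_docroot = True
    return {
        "token_len": len(token),
        "first": first,
        "second": second,
        "bad_token": store.consume("../../etc/passwd"),
        "rejected_docroot": rejected_docroot,
    }


if __name__ == "__main__":
    print(demo())
```

The same discipline applies whatever the backing store is: a row in a database table with an expiry column and a delete-on-read serves the same purpose, and in either case the token in the URL or form is the only thing the client ever sees of the record.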
