About the project
The main aim of this project is to show how an organization can effectively secure its e-business. It introduces e-business, the threats that affect it and the measures needed against them, and it also covers the steps in developing an e-business together with validation and testing.
“E-Business (electronic business) is using technology to improve your business processes. This includes managing internal processes such as human resources, financial and administration systems as well as external processes such as sales and marketing, supply of goods and services and customer relationships.”, “What is e-Business?”.
Science has developed fast, and the internet is one of its products. Humans have become highly dependent on computers and the internet, and there are ongoing studies on how to include and use the internet in many fields, such as business and education. E-business is a technology for conducting business applications over the internet; it is now fast growing and widely used, and many studies are being carried out on it.
All the opportunities offered by internet technologies are brought into business in order to bring out the best, that is, to increase productivity and profit. Business people now use e-business technology widely, but in different ways. A web site may simply display details of a company and of its products. There may be a toll-free number that a customer can call to order a product. Another method is a web site with an option to order the product online, where the customer is asked to enter a credit card number.
In that case, however, verification of the credit card is done manually by telephone or fax. A further step is a web site with a fully integrated database as its backend: the site always shows up-to-date details of the products, their stock and their prices, and the credit card details entered by the customer for an order are verified immediately through technologies such as a payment gateway.
E-business is a fast growing technology used for many kinds of business application. “Broadly speaking, the term ‘ebusiness’ refers to using the internet for doing business. Every time a business uses the internet to conduct business, it is doing ebusiness”, “What is ebusiness?”.
The main activities in this field are business-to-business applications, e-commerce, and communication between people and government.
The different measures listed below turn a business into an e-business. They are
- Use of e-mail for communication between business people, their customers or clients, and their suppliers. E-mails are used to order products and services between business organizations.
- Publication of information about the organization: contact details such as phone number and e-mail address, its products and their prices, and a brief description of each product.
- Sale of products through the organization's web site.
- Use of the web to study business trends and techniques.
- Management of business information over the internet by providing it through the web site.
- Purchase of products online using a credit card, where the card is verified over the internet.
Nowadays most businesses, government agencies and other organizations have a web site. A web application is a client-server application working over the internet. Today almost all business applications are web based, and web browsers are very easy to use and to develop for.
“Security is a concern of organizations with assets that are controlled by computer systems. By accessing or altering data, an attacker can steal tangible assets or lead an organization to take actions it would not otherwise take. By merely examining data, an attacker can gain a competitive advantage, without the owner of the data being any the wiser.”, “Computers at Risk: Safe Computing in the Information Age, National Research Council, 1991”.
E-business is business conducted over the internet: all transactions and their data are processed over the internet, so in this field data must be transmitted securely, or a hacker will take the information. “Many businesses want to expand their use of the Internet but are not sure how to do so in a secure way. The e-business guide will help you decide which strategies and processes are appropriate for your business e-security needs”, “e-business guide”. A number of threats affect the e-business process, and users and organizations are much concerned about the security of these resources. Hackers, however, work at circumventing computer security; their main objective is unauthorized access to remote computers through a communication network such as the internet, and they could cause much more damage than they have so far. There is also the chance that black hats who understand human behaviour can easily gain information about organizational resources or personal information.
The different types of security threats are listed below
- Password cracking
- Malicious code
- Blended threats
- Credit card fraud
Password cracking is the main problem. It is the process of gaining access to the resources or data of others. Many users rely on username and password combinations for authentication, and this kind of authentication is commonly used in e-commerce, government, and many types of computer networks and their applications, so security is a big problem for these applications.
Password attacks are commonly divided into three types
- Guessing of passwords,
A common method of password cracking is for the hacker to guess the password, or to use a brute force attack. For this reason a large number of organizations use “strong passwords”, and employees also create strong passwords for their security. A strong password is able to withstand a brute force attack (the hacker guessing the user's password). Users often choose their user name, a pet's name, a place, their full name, their birth date, their children's names or their social security number as a password; such passwords are easily cracked by a hacker. They are sometimes helpful to the user in recalling a forgotten password, but randomly chosen passwords are far more secure. In password cracking the attacker uses an algorithm that helps to retrieve users' passwords.
Malicious software is used to attack business web sites and their resources; attackers create malicious software and insert it into a system to do harm. Malicious software is classified into two categories
- software that needs a host program
- software that does not need any host program.
Independent malicious programs contain their own code and affect e-business. Zombie software is an example of this kind of malicious software.
Viruses, logic bombs and back doors are examples of the first category, which needs a host program. “Malicious software may generate fake e-mail with a special attachment that installs the malicious code on your computer. Web sites that offer downloads such as media players, web browser add-ons or search tools may “piggyback” malicious advertising or spy software with their downloads”, “Identify the Source of Unknown Software and Files”.
Malicious software reaches the internet or computer systems and disrupts the normal operation of internet services. Viruses, worms, logic bombs, Trojan horses, trapdoors, kits (virus generators) and exploits are all malicious code.
A virus is a small piece of code that infects internet services such as business web services and their mechanisms. The virus code passes itself to other programs and replicates itself, damaging files and other programs.
For example, an e-mail virus damages e-mail messages and also sends and deletes messages automatically.
Worms are another threat. “A worm is a virus that does not infect other programs. It makes copies of itself, and infects additional computers (typically by making use of network connections) but does not attach itself to additional programs; however a worm might alter, install, or destroy files and programs.”, “www.unitedyellowpages.com/internet/terminology.html”. A worm replicates itself and passes from computer to computer over the internet. In e-business a worm can delete information in the web site and its database. Worms have the following abilities
- remote execution
- remote login
- e-mail facility.
A worm modifies and damages web documents, for example .html, .htm and .asp files.
A backdoor is a program modification: it modifies the code of business programs and also gives unauthorized access to resources.
A Trojan horse damages documents and files. Trojan horses have been distributed through electronic bulletin board systems.
“An increasing number of worms and viruses are blended threats — giving malicious code more ways to get into office networks and more ways to damage them”, “Smarter ‘Blended Threats’ Replacing Simple Viruses”.
Blended threat attacks damage network services. A blended attack uses a virus attached to an e-mail message, with a Trojan horse embedded in its HTML document; the Trojan horse then attacks other computers. It also reduces the speed of the network service.
Credit card fraud
In e-business credit cards are widely used by clients for their transactions, for example when a user buys a product from a company and pays with a credit card. The credit card also needs security: a hacker may interfere with the card's operation and break its secret authentication. “The Federal Trade Commission (FTC) indicates: Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.”, “Credit Card Fraud”.
There are mainly two types of spoofing in e-business: e-mail spoofing and IP spoofing.
E-mail spoofing: in this technique the hacker alters the victim's information in the e-mail header.
IP spoofing: “IP spoofing is prevalent in the network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking”, “Misconception of IP spoofing”.
IP spoofing is among the most common attacks on the internet and other network services. In this method the attacker gains access to business data and important messages: the hacker creates a malicious message and sends it to another system with a forged Internet Protocol address. The attacker concentrates on the network layer of the OSI reference model. IP spoofing attacks are classified into two types
- Blind spoofing
- Non-blind spoofing
In non-blind spoofing the attacker and the victim are on the same subnet. In this method the attacker overcomes the authentication stage by using malicious code.
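The e-mail spoofing described above leaves traces in the message headers themselves. The following is an added example, not part of the original project, showing a defender-side check that a mail gateway or help desk can run over incoming order or payment mail before anyone acts on it. The three heuristics (Return-Path domain, Reply-To domain and an address-looking display name that disagrees with the real address) and the two sample messages are constructed for this demonstration; real mail would also be checked with SPF and DKIM results, which this snippet does not do.

```python
"""Heuristic check for spoofed e-mail headers (added example, standard library only)."""
import email
from email.utils import parseaddr


def _domain(header_value):
    """Return the lowercase domain of the address in a header value, or '' if none."""
    _name, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoofing_indicators(raw_message):
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    msg = email.message_from_bytes(raw_message)
    findings = []
    from_name, _from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(msg.get("From", ""))

    # 1. Envelope sender (Return-Path) in a different domain from the header From.
    rp_dom = _domain(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        findings.append("Return-Path domain %r differs from From domain %r" % (rp_dom, from_dom))

    # 2. Replies are redirected away from the apparent sender's domain.
    reply_dom = _domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain %r differs from From domain %r" % (reply_dom, from_dom))

    # 3. The display name looks like an address in a domain other than the real one
    #    (mail clients that show only the display name hide the difference).
    if "@" in from_name:
        name_dom = from_name.rsplit("@", 1)[-1].strip().lower()
        if name_dom != from_dom:
            findings.append("display name shows domain %r but address is in %r" % (name_dom, from_dom))
    return findings


# Constructed sample messages (no real senders): the first mimics a spoofed
# payment notice, the second is a consistent legitimate message.
SPOOFED = b"\r\n".join([
    b'From: "payments@example-shop.test" <orders@mail-relay.invalid>',
    b"Return-Path: <bounce@bulk-sender.invalid>",
    b"Reply-To: <refunds@another-domain.invalid>",
    b"To: customer@example.test",
    b"Subject: Your order has been charged",
    b"",
    b"Your card ending 0000 has been charged.",
])

LEGIT = b"\r\n".join([
    b'From: "Example Shop" <orders@example-shop.test>',
    b"Return-Path: <bounce@example-shop.test>",
    b"To: customer@example.test",
    b"Subject: Your order has shipped",
    b"",
    b"Tracking number to follow.",
])

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoofing_indicators(raw))
```

A message that trips any of these checks is not necessarily forged (mailing-list relays legitimately rewrite Return-Path), so the findings are best used to route the message for review rather than to block it outright.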
Today all business organizations and customers are very security conscious and want to protect their information and documents. New technologies are being developed to protect e-business and other internet applications, but at the same time hackers and unauthorized users find new methods and tricks for breaking this security, so security faces ever more challenging situations. A business organization or company must keep its information and files securely, because in e-business files and transactions travel over the internet. Current technology has produced new software and highly improved communication techniques, but people do not have much information about this new software and these technologies, so the chances of vulnerabilities increase. In global commerce the technology makes data transmission cheap and carries a great deal of information; hackers look at these techniques, and the chances of attack or unauthorized access are high.
E-business security has six important services. They are
- Confidentiality: the main purpose of this service is to prevent unauthorized access to resources, so that data or documents are taken only by an authorized party. Data confidentiality includes connection confidentiality, connectionless confidentiality, selective-field confidentiality and traffic-flow confidentiality. Connection confidentiality protects all user data on a connection. To maintain confidentiality, data is kept securely and only legitimate users can use it, and authentication is followed carefully and strictly.
- Integrity: some viruses modify or corrupt data or code inside internet services. Data integrity should prevent this kind of virus; it provides integrity for all user and organizational data on connections.
- Availability: availability differs from company to company. The important problem involving availability is denial of service (DoS). A DoS attack has a particular target: disruption of the entire network. Two methods are used to protect against these attacks. The availability service protects a network to ensure its availability, and suitable management and system resource controls depend on the security services.
- Legitimate use: hackers take resources from organizations and break the security of business organizations. They concentrate mainly on passwords and on sending different types of virus.
- Auditing: the business tools and security of an e-business must be audited, because hackers change or damage web sites and their services. Every business organization must follow continuous auditing.
- Non-repudiation: it protects against a party denying that a message was sent or received
  - Non-repudiation of origin: it verifies or proves that a message was sent by the specified party.
  - Non-repudiation of destination: it proves that a message was received by the specified party.
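The integrity service above is usually provided on a connection by a message authentication code plus a sequence number, so that a modified, replayed or reordered message is rejected. The following is an added example, not code from the original page: a shared-key HMAC-SHA256 receiver for an order channel. The key exchange, the message format and the strictly increasing sequence-number rule are assumptions made for the demonstration.

```python
"""Connection integrity with HMAC-SHA256 and sequence numbers (added example)."""
import hashlib
import hmac
import secrets


def tag_message(key, seq, body):
    """Return the HMAC-SHA256 tag over the sequence number and the message body."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    mac.update(seq.to_bytes(8, "big"))  # fixed width, so (seq, body) pairs are unambiguous
    mac.update(body)
    return mac.hexdigest()


class Receiver:
    """Accepts messages in order and rejects modified, replayed or reordered ones."""

    def __init__(self, key):
        self._key = key
        self._last_seq = 0

    def accept(self, seq, body, tag):
        """Return True if the message is authentic and fresh, False otherwise."""
        expected = tag_message(self._key, seq, body)
        # compare_digest runs in constant time, so timing differences do not leak
        # how many leading bytes of a guessed tag were correct.
        if not hmac.compare_digest(expected, tag):
            return False  # tampered body, tampered sequence number, or wrong key
        if seq <= self._last_seq:
            return False  # replay or out-of-order delivery
        self._last_seq = seq
        return True


def demo():
    """Exercise the cases and return the outcomes so they can be checked."""
    key = secrets.token_bytes(32)  # assumed to be shared out of band between the two parties
    rx = Receiver(key)
    seq, body = 1, b"order 1001: ship 2 units to warehouse B"
    tag = tag_message(key, seq, body)
    outcomes = {}
    outcomes["genuine"] = rx.accept(seq, body, tag)
    # same tag, altered body (quantity changed in transit)
    outcomes["tampered"] = rx.accept(2, b"order 1001: ship 20 units to warehouse B", tag)
    # exact copy of the genuine message delivered a second time
    outcomes["replayed"] = rx.accept(seq, body, tag)
    # valid-looking tag computed under a key the receiver does not share
    outcomes["wrong_key"] = rx.accept(2, body, tag_message(secrets.token_bytes(32), 2, body))
    # next legitimate message in sequence
    outcomes["next"] = rx.accept(2, b"order 1002: cancel", tag_message(key, 2, b"order 1002: cancel"))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

An HMAC gives integrity and origin authentication between the two holders of the key, but not non-repudiation of origin: either party could have computed the tag, so neither can prove to a third party who sent the message. Non-repudiation needs a digital signature made with a private key that only the sender holds.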
E-business security tips
Create a culture of security
E-business technology is widely used in the business field, so online security is very important for transactions and services. Business organizations and customers worry about the security of their data and files. Nowadays new and highly effective technologies are developed for network communication and internet services, but organizations and customers do not get full information about new security techniques. An organization or company should follow the tips below, which are very effective against security problems. All staff in the organization must read about current internet essentials and use their resources in the specified manner. The organization should set up security programs, which are highly effective for security, and online tutorials should be used to measure internet security.
Install anti-virus software and update it regularly
“Today’s malware is often focused on identity theft. Even a single infector bypassing antivirus software can cause a lifetime of harm to its victim. Perhaps one of the most important adjuncts to antivirus software is to take measures to protect your identity”, “Antivirus, Firewall, and Security Software Reviews”.
For protection from virus attacks an organization must keep anti-virus software. Anti-virus software keeps files and documents safe from attacks such as Trojans and worms.
The prevention method is to install powerful anti-virus software and not to open e-mail attachments from unrecognized people, because viruses are sometimes carried in these attachments (Trojan horse attacks).
A firewall protects systems and networks; it performs as a gate. “Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that’s why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.”, “How Firewalls Work”. It protects hardware and software. A firewall constantly watches incoming and outgoing internet traffic and discards traffic that does not meet its rules. Install a firewall and update it regularly; it is a good protection method.
Keep passwords secure
Password cracking is the biggest problem in e-business and other network security. Users commonly select text based passwords for authentication, and these have little security, so users must pay attention to their passwords. Alphanumeric passwords and graphical passwords have a much better ability to resist attacks, so users must use strong passwords for authentication and not dictionary based weak passwords, which a hacker easily guesses or breaks. To create a secure password the user should remember the following tips, which increase password security and reduce password cracking attacks.
- It should be at least eight alphanumeric characters long and should contain both upper case and lower case characters.
- It should not be a word from any language, dialect or jargon, nor based on personal information such as the names of family members or home place.
- An ideal password is difficult for others to guess and easy to memorize.
- Do not choose a password similar to the old one.
- A password should not be written down in an easily accessible document or stored online.
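The tips above can be enforced at the point where a password is set, so that weak choices are refused before they ever reach the authentication database. The following is an added example, not from the original page, implementing those rules as a server-side policy check. The small wordlist, the personal-data tokens, the similarity threshold and the rule names are constructed assumptions; a production deployment would check against a large breached-password list instead.

```python
"""Server-side password policy check implementing the listed tips (added example)."""
from difflib import SequenceMatcher

# Constructed stand-in for a dictionary / breached-password list.
WEAK_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}


def password_violations(candidate, personal_tokens=(), old_password=None, weak_words=WEAK_WORDS):
    """Return the list of policy rules the candidate breaks (an empty list means acceptable).

    personal_tokens: names, places, birth years and similar details known about the
    account owner, supplied by the registration form.
    old_password: the password being replaced, if any.
    """
    violations = []
    lowered = candidate.lower()

    # Length and character-class rules (at least eight alphanumeric, mixed case).
    if len(candidate) < 8:
        violations.append("too_short")
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        violations.append("mixed_case")
    if not any(c.isdigit() for c in candidate):
        violations.append("no_digit")

    # Dictionary rule: strip digits and symbols so "password1" still matches "password".
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in weak_words:
        violations.append("dictionary_word")

    # Personal-information rule: reject anything containing a known personal detail.
    if any(tok.lower() in lowered for tok in personal_tokens if len(tok) >= 3):
        violations.append("personal_info")

    # Similarity rule: reject passwords that differ from the old one only slightly
    # (e.g. only the year changed). 0.8 is a constructed threshold.
    if old_password:
        ratio = SequenceMatcher(None, lowered, old_password.lower()).ratio()
        if ratio >= 0.8:
            violations.append("similar_to_old")
    return violations


if __name__ == "__main__":
    for pw in ("password1", "Summer2024!", "Xq7#mLp2vT"):
        print(pw, password_violations(pw, ("Alice", "Rex", "1990"), old_password="Summer2023!"))
```

The function reports every rule broken rather than stopping at the first, so the user can fix the password in one attempt; the caller should return the rule names to the form, never the candidate password itself, and should log nothing but the rule names.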
Minimize spam
Spam is a type of junk mail that may carry worms, Trojans or other malicious software. Protective software is available to reduce spam; it protects the network service by blocking viruses and worms. To reduce spam-borne viruses, network systems must add a spam filter.
Do not open unrecognized messages
Keep backup data securely
A business organization must keep its backup data safely, because viruses or other malicious code can destroy documents and files. Backups allow recovery from these attacks in e-business.
Keep organizational software regularly updated
A business organization must check that its software is up to date; this checking prevents network attacks. Automatically updated software should be used for business purposes.
Develop and maintain a security policy
In e-business an organization must produce and follow a strong security policy. The security policy needs a complete analysis of the resources involved in the business.
To maintain the security policy, customers and the company should be aware of security.
Regular checking of e-mail and other internet services keeps security. These tips protect e-business from attacks, and by using them an e-business saves money and valuable time.
Users and organizations must use protection scanners; these scanners remove spyware, viruses, worms and unwanted software.
An organization using e-business must concentrate on identifying the customers or other parties involved in its business, and protect data from unauthorized access.
Steps to be considered in developing a web site for a successful e-business
- An eye-catching and attractive web site must be created. It should contain the exact details of the company and correct contact information, as well as details of the products. It must be interesting, and the customer should feel comfortable using it, so that it inspires customers to purchase again from this site.
- The next step is that customer-company interaction is done through e-mail. The company should have the customers' e-mail addresses, as e-mail may be the major method of interaction. Information may also be published through the web site, which should be capable of storing a large amount of organizational information.
- The site should be perfectly integrated with the company, covering the whole process of the organization.
- Here the organization's transactions with its stakeholders are worked out; the organization can interact with suppliers, shareholders and other kinds of stakeholder.
- Transactions with customers, including automated payment procedures, delivery of the product to the customer, and the different after-sales services the company provides for the product.
One example of a successful e-business is Federal Express, which has been in this field for the last 16 years. It handles 2.5 million package deliveries daily to 211 countries, with 99 percent on-time delivery.
For a successful e-business, the profitability of the business should be studied well and planned in advance. It should focus mainly on customers, and the latest and most effective technologies should be used to bring out the maximum outcome.
The overall procedure for developing a web application in e-business
Software development goes through different phases, which may follow specific standards, methodologies, modelling tools, languages and so on.
“The basic steps involved in developing a web site include creation of the site, pages and navigation on a local computer, uploading the material to an online site, editing the material, and synchronizing your changes.”, “Basic Steps in Developing a Web Site”.
A whole development team works together for the successful development of a web site. The different steps in the development of a web site are
- Analysis: the stage where the team members start to study or gather information about the organization, from the clients and from other sources.
- Specification building: the whole project is divided into small modules such as site navigation, the dynamic portions of the site and the general layout. After the review is over and the document written for this stage has been approved, a report is prepared that includes the cost of the project and how it will work; an overall scope of the project is prepared.
- Design and development: here the development of the web site starts. According to the proposal, a prototype is created with the graphics and tasks such as navigation and layout. Development is strongly based on the customers' opinions, gathered through e-mail, telephone, fax or even directly. Web site design, including templates, pictures and prototypes, is part of this stage.
- Content writing: content writers play an important role in web design. Professionally trained content writers add content or information related to the company, and they also do the grammar and spelling corrections, which should be completed in this phase.
- Coding: once the overall design has been created, the developer has to write the code for the site, strictly following the design. Interaction between developer and designer may be needed to know the actual flow of the project and the navigation required. The developer may also need certain tools that the designer has to create. All the database code needed for database interaction is also written here.
- Testing: a web-based project has more chances of error, mainly because it is a multi-user system. There are many tests that can be used. After testing is over, a completed project is received; this requires complete interaction between designers and developers.
- Promotion: this stage comes after the web site has been created. It requires preparing meta tags, regularly analysing the site, and submitting the URL to search engines and directories. Submitting the URL at most once every two months is a good method.
- Maintenance and updating: once a web site has been uploaded to the web, it needs frequent updating for smooth and error-free functioning. Updating includes technical maintenance, latest promotions and content management according to the organization's requirements. It is done by repeating the lifecycle steps with the developers and designers, and may require special training for the team members.
It is the work of software engineers to develop an effective web site for an organization. The engineer has to make a detailed study of the organization, strictly following all the above steps; software engineering must be applied to web site development. “Software engineering (SE) is concerned with developing and maintaining software systems that behave reliably and efficiently, are affordable to develop and maintain, and satisfy all the requirements that customers have defined for them.”, “Software Engineering”.
For developers, developing a web site is a project, and a project is a complex task. To handle the complexity the whole process has to be managed well. The engineer has to consider four things: people, product, process and project, called the four P's.
It is the engineer's job to organize people for the overall development of the project and the effective working of the software. There is even a “people management capability maturity model”, which defines key points such as recruiting, selection, work design and team/culture development, in which a developer should be strong enough to be called mature in the field. The people who participate in software development have different roles: players, team leaders and the software team. Players include senior managers, project managers, practitioners, customers and end users. The team leader's job is to organize the people around the project. The software team includes the people concerned with software development.
The developers have to analyse the product in detail; only if they analyse it properly will the software come out effectively. They study the software scope of the product, after which the problem is partitioned for detailed study.
Process is an important part of development because it is where the engineer has to decide which process is suitable for developing the software. It is actually a confusing task. There are different processes, and some of the important ones are listed below.
- The linear sequential model
- The prototyping model
- The RAD model
- The spiral model
- The WIN WIN spiral model
- The component based development model
- The concurrent development model
The above steps are for the development of a successful software project. If the software is difficult to understand, the scope of the product is poorly defined, and so on, the software becomes a failure.
Analysis phase of developing an e-business
It can be defined as the most important part of design because it is the stage where the engineer creates a skeleton of the required web site or software. “The evolution of Web applications needs to be supported by the availability of proper analysis and design documents.”, “Supporting Web application evolution by dynamic analysis”. During this stage the analyst collects data about the customer, the organization, and how the project should actually work. For the collection of data the engineer needs a group of audience who can give valuable information. All the related parts, the software, hardware, people and information, undergo analysis.
The important thing about the analysis phase is that it should not be time consuming, it should be cost-effective, and it should collect original data. Along with the analyst, the designers, developers and testers also have to work together to obtain real data and construct an error-free structure. The methods followed for gathering information during the analysis phase are
- Organizing a questionnaire or survey: questions are put to a sample of students and the answers are recorded and studied in detail.
- Direct observation: the analyst goes to the organization and studies the working process directly.
- Indirect observation: the analyst examines reports of error rates, sales, surveys of customer satisfaction and so on.
- Focus groups: the analyst interviews the customers, who may be a group of experts or people related to the organization. The analyst may contact clients by telephone, e-mail, fax or chat to gather data.
After the analysis phase the analyst prepares the cost of the project, the requirements of the development team, the system requirements and the required reference documents.
The steps of analysis
- Evaluation of the business and study of the project goals: the actual project and the actual business goal should be understood by the analyst.
- Analysing the tasks and behaviours of the project: after the goal is understood, this stage is for understanding the different tasks and operations that come under the project.
- Learners' assessment: after analysing the goal and the tasks, this phase analyses the people who can help in sharing data. The audience is assessed by attitude, characteristics, psychographics, experience in the organization, knowledge and so on.
- Technology assessment: the hardware and software details the client owns, such as the processor, network, operating system, video standards, screen resolution, internet connection and more. The limitations of the client are studied and considered during development.
- Analysis data: after the analysis is completed, the analyst has the required information, extra information and the questionnaires stored in worksheets.
After the software has been developed, the next important task is validation.
“Data that is not validated or poorly validated is the root cause of a number of serious security vulnerabilities affecting applications.”, “A Modular Approach to Data Validation in Web Applications”, “Stephen de Vries – Principal Consultant at Corsaire”.
Different validations have to be done to get error-free software. They are
- Web application firewall validation
- Web tier validation
- Domain model validation.
A modular approach is used for validation. The two main factors are
- Data validation that checks the range of variables during data processing against validation rules. Since the checks depend on the data type, validating data objects inside the business object is easier. For example, if a variable holds a weight it should always hold a positive real number; if it takes a negative value this should be reported by an alert and corrected.
- Data validation that checks for meta-characters before the data is processed and before data is accessed, for example checking for characters that have a special meaning in the language used and reporting them.
Principles of validation
- Reduction of data to its canonical form: before validation the data has to be reduced to its canonical format, such as Unicode or ASCII; this minimizes the chance of errors and also lets attacks on the data processor be checked.
- Validation strategies: strategies such as ‘reject bad data’ and ‘accept good data’ are used to obtain good data. Here data is validated against the data type, data length and so on.
Client side validation and perimeter validation
Client side validation is not acceptable on its own, because the user's view of validation may be wrong or foolish, so server side validation of data is always required. It is also preferable to have an external validation layer, so that only validated data reaches the business logic; this layer sits in the application layer, and perimeter validation is controlled at the controller.
A project perfectly validated at all the mentioned stages leaves less chance of errors, so revalidation can be avoided.
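The principles above (canonicalize first, then accept good data by shape and reject bad data by meta-characters, all of it on the server regardless of what the client checked) are brought together in the following added example, which is not code from the original page. It validates an order form with three fields; the field set, the product-code format, the meta-character list and the note length limit are assumptions chosen for the demonstration, and the weight rule is the positive-real-number example the text gives.

```python
"""Server-side perimeter validation: canonicalize, allowlist, reject meta-characters (added example)."""
import re
import unicodedata
from decimal import Decimal, InvalidOperation

# Characters with special meaning in the downstream contexts (HTML, SQL, shell);
# a free-text field containing any of them is rejected ("reject bad data").
META_CHARS = set("<>\"'`;&|$\\")
# Product codes are allowlisted by shape ("accept good data"); constructed format.
PRODUCT_CODE_RE = re.compile(r"^[A-Z]{2}-\d{4}$")
MAX_NOTE_LEN = 200


def canonicalize(value):
    """Reduce input to one canonical form before any rule is applied.

    NFKC folds look-alike code points (fullwidth digits, compatibility forms)
    onto their ASCII equivalents, so every later check sees one representation.
    """
    return unicodedata.normalize("NFKC", str(value)).strip()


def validate_weight(raw):
    """Weights must be finite, positive real numbers."""
    text = canonicalize(raw)
    try:
        weight = Decimal(text)
    except InvalidOperation:
        return None, "not a number"
    if not weight.is_finite() or weight <= 0:
        return None, "must be a positive real number"
    return weight, None


def validate_product_code(raw):
    """Accept only values that match the allowlisted shape."""
    text = canonicalize(raw)
    if not PRODUCT_CODE_RE.match(text):
        return None, "must look like AB-1234"
    return text, None


def validate_note(raw):
    """Free text: bounded length and no meta-characters."""
    text = canonicalize(raw)
    if len(text) > MAX_NOTE_LEN:
        return None, "too long"
    bad = sorted(set(text) & META_CHARS)
    if bad:
        return None, "contains meta-characters: " + "".join(bad)
    return text, None


VALIDATORS = {"product_code": validate_product_code, "weight": validate_weight, "note": validate_note}


def validate_order(form):
    """Perimeter validation for an order form. Returns (clean_fields, errors).

    Every field is re-validated here regardless of any client-side checks, and
    only the cleaned dict is handed on to the business logic; errors maps each
    failing field to a message suitable for an alert.
    """
    clean, errors = {}, {}
    for field, validator in VALIDATORS.items():
        if field not in form:
            errors[field] = "missing"
            continue
        value, err = validator(form[field])
        if err:
            errors[field] = err
        else:
            clean[field] = value
    return clean, errors


if __name__ == "__main__":
    # Constructed inputs: fullwidth digits in the weight are canonicalized to "12.5".
    print(validate_order({"product_code": "AB-1234", "weight": "１２.５", "note": "leave at door"}))
    print(validate_order({"product_code": "ab-1234<script>", "weight": "-3", "note": "x' OR '1'='1"}))
```

Rejecting meta-characters wholesale is the coarse strategy the text describes; for fields that legitimately contain such characters (a surname with an apostrophe) the alternative is to accept the value and apply context-specific output encoding or parameterized queries where it is used.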
Today every organization has its own web site, and these web sites are also software. After the creation of the web pages, testing is important; testing and implementation are concerned with the quality of the software, and testing should find the errors in the code. “When developing a website, there are many parts that need to come together at the end of the development to make the site whole. However, quality control can be done throughout development to ensure a quality end product.”, “Quality Control: The Importance of Website Testing”, “Part Testing and the Test Drive”. System testing makes a logical assumption and checks whether each part of the web page code and its tools is correct or not.
Testing has mainly two levels
- Function level: at this level the individual program units are tested, along with their efficiency.
- Module level: at this level the module interfaces are tested.
After testing, appropriate error messages are generated. After this testing is complete, acceptance testing is used: the system is run with live data by the actual users.
Some testing methods are used for testing software or web pages; unit testing, integration testing and validation testing are examples. Unit testing tests the individual modules of the program code. Integration testing checks the complete code. Validation testing checks whether the code and its methods are valid or not.
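The two levels above, function level (unit tests) and module level (integration tests across a module interface), are shown in the following added example, which is not code from the original page. The order module under test, its catalogue and stock figures are constructed for the demonstration; the module-level tests check the interface property that matters for an e-business, namely that an order which cannot be fulfilled leaves no partial stock reservation behind. Acceptance testing with live data by real users is not something a script can stand in for.

```python
"""Function-level and module-level tests of a small order module (added example)."""
import io
import unittest
from decimal import Decimal

# Constructed catalogue: SKU -> unit price.
CATALOG = {"AB-1234": Decimal("9.99"), "CD-5678": Decimal("25.00")}


class Inventory:
    """Stock counter; reserve() is the only way stock goes down."""

    def __init__(self, stock):
        self._stock = dict(stock)

    def available(self, sku):
        return self._stock.get(sku, 0)

    def reserve(self, sku, qty):
        if qty > self._stock.get(sku, 0):
            raise ValueError("insufficient stock for %s" % sku)
        self._stock[sku] -= qty


def line_total(unit_price, qty):
    """Price of one order line; quantities must be positive integers."""
    if not isinstance(qty, int) or qty <= 0:
        raise ValueError("quantity must be a positive integer")
    return unit_price * qty


def place_order(inventory, lines):
    """Reserve stock for every line or for none (all-or-nothing) and return the total."""
    wanted = {}
    for sku, qty in lines:
        if sku not in CATALOG:
            raise KeyError("unknown SKU %s" % sku)
        if not isinstance(qty, int) or qty <= 0:
            raise ValueError("quantity must be a positive integer")
        wanted[sku] = wanted.get(sku, 0) + qty
    # Check every line first, so a failing line cannot leave a partial reservation.
    for sku, qty in wanted.items():
        if inventory.available(sku) < qty:
            raise ValueError("insufficient stock for %s" % sku)
    total = Decimal("0")
    for sku, qty in wanted.items():
        inventory.reserve(sku, qty)
        total += line_total(CATALOG[sku], qty)
    return total


class FunctionLevelTests(unittest.TestCase):
    """Unit tests: one function at a time."""

    def test_line_total_multiplies(self):
        self.assertEqual(line_total(Decimal("9.99"), 3), Decimal("29.97"))

    def test_line_total_rejects_non_positive(self):
        with self.assertRaises(ValueError):
            line_total(Decimal("9.99"), 0)


class ModuleLevelTests(unittest.TestCase):
    """Integration tests: the order interface together with the inventory."""

    def setUp(self):
        self.inv = Inventory({"AB-1234": 10, "CD-5678": 2})

    def test_order_reserves_stock_and_totals(self):
        total = place_order(self.inv, [("AB-1234", 2), ("CD-5678", 1)])
        self.assertEqual(total, Decimal("44.98"))
        self.assertEqual(self.inv.available("AB-1234"), 8)

    def test_failed_order_changes_nothing(self):
        with self.assertRaises(ValueError):
            place_order(self.inv, [("AB-1234", 1), ("CD-5678", 5)])
        self.assertEqual(self.inv.available("AB-1234"), 10)  # no partial reservation

    def test_unknown_sku_rejected(self):
        with self.assertRaises(KeyError):
            place_order(self.inv, [("ZZ-0000", 1)])


def run_all():
    """Run both levels and return (all_passed, number_of_tests_run)."""
    loader = unittest.TestLoader()
    suite = unittest.TestSuite()
    for case in (FunctionLevelTests, ModuleLevelTests):
        suite.addTests(loader.loadTestsFromTestCase(case))
    result = unittest.TextTestRunner(stream=io.StringIO(), verbosity=0).run(suite)
    return result.wasSuccessful(), result.testsRun


if __name__ == "__main__":
    print(run_all())
```

Note the ordering in the module-level tests: the failure case asserts on the inventory after the exception, which is what distinguishes an integration test of the interface from a unit test of a single function.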
This project has covered most of the security threats and the security measures required against them. An ideal e-business is one that implements all the required security measures and follows the correct steps for developing a project. It should also be validated completely and updated regularly. All the requirements meant for the customers should be included, and the web site should be attractive. The security tips needed to organize a secure web site have also been explained.
“What is e-Business?”. Web.
“Identify the Source of Unknown Software and Files”. Web.
“Smarter ‘Blended Threats’ Replacing Simple Viruses”. Web.
“Misconception of IP spoofing”. Web.
“Antivirus, Firewall, and Security Software Reviews”. Web.
“How Firewalls Work”. Web.
“Stephen de Vries – Principal Consultant at Corsaire”. Web.
“What is ebusiness?”. Web.
“Basic Steps in Developing a Web Site”. Web.
“Software Engineering”. Web.
“Supporting Web application evolution by dynamic analysis”. Web.
“Quality Control: The Importance of Website Testing”, “Part Testing and the Test Drive”. Web.
Aho, Alfred V., Ravi Sethi and Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1986.
Antoniol, G., G. Canfora, G. Casazza and A. D. Lucia. “Web site reengineering using RMM”. Proc. of the International Workshop on Web Site Evolution, pp. 9-16, Zurich, Switzerland, 2000.
Warren, Paul, Cornelia Boldyreff and Malcolm Munro. “The Evolution of Websites”. Proceedings of the 7th International Workshop on Program Comprehension, p. 178, 1999.
Myers, Brad A. and Margaret Burnett. “End users creating effective software”. CHI ’04 Extended Abstracts on Human Factors in Computing Systems, Vienna, Austria, 2004.
Ricca, Filippo and Paolo Tonella. “Testing Processes of Web Applications”. Annals of Software Engineering, v.14 n.1-4, pp. 93-114, 2002.
Huang, Yao-Wen, Chung-Hung Tsai, Tsung-Po Lin, Shih-Kun Huang, D. T. Lee and Sy-Yen Kuo. “A testing framework for Web application security assessment”. Computer Networks: The International Journal of Computer and Telecommunications Networking, v.48 n.5, pp. 739-761, 2005.
Pistoia, M., S. Chandra, S. J. Fink and E. Yahav. “A survey of static analysis methods for identifying security vulnerabilities in software systems”. IBM Systems Journal, v.46 n.2, pp. 265-288, 2007.