5 Security Vulnerabilities in E-Commerce Systems
September 13th, 2012 By:Tavis J. Hampton
Website security in general is always a top issue for web administrators, but certain types of websites tend to be more susceptible to attacks than others. Because of the nature of their content, e-commerce sites are often subjected to attacks and exploits. The best way to prevent and combat these attacks is to know the common vulnerabilities that e-commerce systems often have.
1. SQL Injection – Since many e-commerce software systems rely on database technology to store critical information, an attack on the database can be particularly nasty. An SQL injection attack can range from minor errors to giving the attacker full access to restricted areas of your server.
2. Price Manipulation – One of the most common features of modern e-commerce systems is that they are completely automated, from the initial visit all the way to payment. Some e-commerce software may have a vulnerability that allows the cyber criminal to insert a lower price into the URL and essentially get away with practically stealing.
3. Unsecured Authentication – Many e-commerce sites require users to use some type of authentication, usually to sign up for membership and login for each subsequent purchase. Ideally, these authentication sessions should pass through SSL encryption. Otherwise, an attacker could possibly glean sensitive user information over the web.
4. Cross-site scripting (XSS) – Like SQL injection, cross-site scripting is an attack method employed against all types of dynamic websites, but attacks on e-commerce sites can be especially damaging for a business. Using XSS, an attacker could setup a phishing scheme to steal sensitive user information, including credit card numbers.
5. Remote command execution – Poorly coded Perl and PHP scripts may be vulnerable to attackers who will insert shell metacharacters into a shopping cart URL in order to execute commands using the web server’s credentials. This can be particularly damaging, even fatal, to an e-commerce site.
One good way to prevent these types of attacks is to run comprehensive vulnerability scans. You should also keep your e-commerce software updated and periodically check for possible vulnerabilities that may be reported to security services. Finally, be sure to take all of the basic security precautions: use SSL, keep a secure password, and use an application firewall.
We have multiple locations for DDoS Mitigation, which allows clients to have lowest latency and prefences as well. Depending on the size and type of the attack, locations can be changed or combined to handle large or complex attacks