Friday, May 9, 2008

Security issues of e-commerce applications: Vulnerabilities

*In today’s scenario, e-commerce business is growing at a rapid pace. Most merchants are trying to sell their products or services online using B2B (Business to Business), B2C (Business to Consumer) and C2C (Consumer to Consumer) applications. These web applications are developed using a wide variety of technologies such as ASP, ASP.NET, JSP, AJAX and XML. A tremendous amount of critical and confidential data flows through and is stored in these online applications. This data may include credit card holder information, university exam results, data relevant to competitors, and so on. Security is therefore a key issue that is always associated with these applications. There are different levels of threats and vulnerabilities associated with e-commerce business; these threats can exist at the network level as well as at the software level.*




Before designing and developing such an application, one needs to think about and comprehensively consider all the threats, vulnerabilities and security attacks relevant to an online business that stores credit card holders’ information and other critical data and handles online money transactions. These vulnerabilities and threats include SQL injection, incorrect type handling, blind SQL injection, cross-site scripting, vulnerabilities inside the database server and vulnerabilities in stored procedures. It has also been recommended that sites holding credit card information or other critical information should have the highest level of compliance with PCI DSS (Payment Card Industry Data Security Standard). Basically there are four levels of PCI DSS compliance; depending on the number of transactions, one may choose the required level. In the UK, PCI DSS compliance by all online merchants will be compulsory by the end of 2008.
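As an added illustration of two of the threats named above (SQL injection via incorrect type handling), not code from the original post: a constructed order-lookup function that pastes a request value into the query text, beside a hardened version that validates the type and binds the value as a parameter. The `orders` table and its rows are made up for the example.

```python
import re
import sqlite3

# Constructed sample data: a tiny "orders" table standing in for an e-commerce backend.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "alice", "4242"),
        (2, "bob", "1111"),
        (3, "carol", "9876"),
    ])
    return conn

def lookup_vulnerable(conn, order_id):
    # Incorrect type handling: the numeric id arrives from the request as a string
    # and is pasted straight into the SQL text, so its content becomes part of the query.
    sql = "SELECT id, customer FROM orders WHERE id = " + order_id
    return conn.execute(sql).fetchall()

def lookup_safe(conn, order_id):
    # Validate the type first: an order id must be a plain decimal integer.
    if not re.fullmatch(r"[0-9]{1,10}", order_id):
        raise ValueError("invalid order id")
    # Then pass the value as a bound parameter; it is never parsed as SQL.
    sql = "SELECT id, customer FROM orders WHERE id = ?"
    return conn.execute(sql, (int(order_id),)).fetchall()

def demo():
    conn = build_db()
    normal = "2"
    hostile = "2 OR 1=1"   # constructed request value that is not a number
    results = {
        "vuln_normal": lookup_vulnerable(conn, normal),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # leaks every row
        "safe_normal": lookup_safe(conn, normal),
    }
    try:
        lookup_safe(conn, hostile)
        results["safe_hostile"] = "accepted"
    except ValueError:
        results["safe_hostile"] = "rejected"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```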