Designing a Secure Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems

Currently e-commerce system security focuses on mechanisms such assecure transactional protocols, cryptographic schemes, parametersanitization and it is assumed that putting these in place willguarantee a secure e-Commerce application. However, oftenvulnerabilities in the business application logic itself are oftenignored that can make the effect of these security mechanisms nulland void. Essentially, the weakest link can be at the serverrather the client and ignoring this is done at a developer'speril. This paper focuses on this weakest link in e-commercesystem. In particular, it considers component-based middlewareplatforms where vulnerabilities may exist in the middleware itselfor the components used to construct the e-Commerce application. Weoutline a logic attacks that would not be prevented by thedeployment of the mechanisms commonly used in e-Commerce systems.To counter this problem, we present a secure framework methodbased on existing techniques that treats security as a first-classconcept and considers its interaction with business logic.