Merchant Web Applications Defense in E-commerce Enviroment

Abstract

Protection of merchant Web application is a process that requires constant monitoring of security threats as well as looking for solutions in this field. Since protection has moved from the lower layers of OSI models to the application layer and having in mind the fact that 75% of all the attacks are performed at the application layer, special attention should be paid to creation of Web applications. If we take in account the fact that mistakes made by the very programmers influence upon Web application vulnerability with 64%, it is clear that special attention must be paid to writing code, being familiar with threats as well as with already known ways of protection of Web applications. This paper deals with classification and description of the threats directed toward merchant Web applications in e-commerce environment and ways of protection against the threats. Also, this paper presents real Web application defense against Cross-site Scripting and SQL Injection attacks.