Title :
A Penetration Testing Method for E-Commerce Authentication System Security
Author :
Pan, Wei ; Li, Weihua
Author_Institution :
Sch. of Comput. Sci., Northwestern Polytech. Univ., Xi'an, China
Abstract :
E-Commerce systems are suffering from more and more security issues. Vulnerabilities of authentication systems are revealed when various attacks and malicious abuses are developed and deployed to violate the security of systems and information. To improve the ability to defend authentication systems against invasion and abuse, a novel penetration testing method for E-Commerce authentication systems is proposed to scrutinize the vulnerabilities of an E-Commerce authentication system and evaluate the severity level of potential vulnerabilities. The penetration testing method is an active vulnerability analysis and verification method that can mimic active attacks and perform exploitations by constructing effective and concise penetration testing cases. Through analyzing dynamic taint propagation, the presented method can determine the feasibility of the attacks and evaluate the security of the authentication system. The experiment demonstrates that the proposed method can serve as a viable and effective candidate for security detection of authentication systems.
Keywords :
electronic commerce; message authentication; dynamic taint propagation; e-commerce authentication system security; penetration testing method; vulnerability analysis; Authentication; Computer science; Computer security; Conference management; Electronic commerce; Electronic government; Information security; Performance analysis; Performance evaluation; System testing; authentication system; e-Commerce; penetration testing; program vulnerability;
Conference_Title :
Management of e-Commerce and e-Government, 2009. ICMECG '09. International Conference on
Conference_Location :
Nanchang
Print_ISBN :
978-0-7695-3778-8
DOI :
10.1109/ICMeCG.2009.111