MSS*: Chapter 3 Shopping carts & Payment gateways * McClure, Stuart, Saumil Shah, and Shreeraj Shah. Web Hacking: attacks and defense. Addison Wesley.

Presentation transcript:


Web Security 2: Evolution of Shopping
 Farmers’ market
 Store shopping
 Supermarket
 Catalog shopping
 On-line shopping: combines the experience of both in-store shopping and catalog shopping
   + Web-based applications offer more interactivity and multimedia presentation than a printed catalog.
   + Web-based applications typically provide searching capabilities, which are not available in traditional in-store or catalog shopping.
   + Web-based applications can be tailored to different shopping styles.
 A “no-pressure” shopping experience
 Q: Are there any drawbacks or specific requirements?

Web Security 3: Evolution of Shopping
 What are the factors that may drive potential customers away from web-based shopping?
   - Is the concern over security real?
   - Ease of use
   - Anything else?

Web Security 4: Traditional retail business (diagram slide)

Web Security 5: Computerized retail business (diagram slide)

Web Security 6: E-commerce model (diagram slide)

Web Security 7: E-commerce model
 Characteristics:
   A web portal represents the company’s web identity.
   The portal serves as the entry into the electronic store.
   A web site hosts multiple applications that interact with an array of servers (other web sites, financial processing, transaction processing, back-end databases, etc.)
 Q: What makes e-commerce different from a computerized retail business?

Web Security 8: E-commerce model
 An exercise: The e-commerce model diagram is not really an ER diagram. Modify/refine the model and turn it into a real ER or EER diagram.
   Hint: Add relationships
   Part of your project: preliminary design

Web Security 9: E-commerce model
 The need for peer-to-peer communications
 An extranet is an inter-network linking different companies’ internal networks.
 What are the requirements of an inter-company web-based application?
   Trust!
   Authentication
   Non-repudiation
   Anything else?
  Web services

Web Security 10: Web Services
 Multi-party Web services (diagram slide)

Web Security 11: E-shopping cart systems
 Uses of an e-shopping cart:
   Temporarily stores what the customer has picked;
   Provides a summary of the items (prices, S&H cost, etc.) in the cart when needed (at the customer’s request or at the time of checkout);
   The customer may replace items in the cart until the transaction is finalized.

Web Security 12: E-shopping cart systems
 The e-shopping cart application forms the heart of the e-shopping application.
 It binds the customer, the product catalog, the inventory system, and the payment system together.

Web Security 13: E-shopping cart systems
 Implementation requirements:
   Accuracy: It correctly records what the customer has picked and changed.
   Flexibility: It allows the customer to freely replace items in the cart.
   Integration: with the product catalog, the inventory system, and the payment gateway.
   Integrity: No tampering with the cart’s content, whether by a malicious 3rd party or by programming errors (e.g., mixing up two different carts)

Web Security 14: E-shopping cart systems
 Components:
   Session management
   Product catalog application
   Payment gateway
   Back-end databases (e.g., product inventory, customer information)

Web Security 15: E-shopping cart systems
 Sample problems with insecure shopping carts:
   Remote command execution over HTTP
   Unprotected sensitive information retrievable via HTTP
   Improper or no ‘input sanitization’, which results in remote command execution
   Modified hidden HTML form fields
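The last two problems on slide 15 (missing input validation and modified hidden form fields) are easiest to see side by side. The following is an added example, not code from the slides or from the book: a line-total calculation that trusts the hidden `price` field the browser posted back, next to a hardened version that prices from the server-side catalog and only uses the posted price to detect tampering. The catalog entries, field names and limits are constructed for the example.

```python
import logging
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog; in a real store this is the product database.
CATALOG = {
    "SKU-100": {"name": "USB cable", "price": Decimal("9.99")},
    "SKU-200": {"name": "Headphones", "price": Decimal("59.00")},
}
MAX_QTY = 99
log = logging.getLogger("cart")


def vulnerable_total(form):
    """Trusts the hidden 'price' field sent back by the client: whoever edits
    the form (or replays the POST) sets the price of the line item."""
    return Decimal(form["price"]) * int(form["qty"])


def hardened_total(form):
    """Recomputes the line total from the catalog and validates 'qty'.

    Returns (total, events). 'events' lists conditions worth alerting on,
    e.g. a client-supplied price that disagrees with the catalog, which is
    the signature of a modified hidden field.
    """
    events = []
    item = CATALOG.get(form.get("sku"))
    if item is None:
        raise ValueError("unknown sku")
    qty_field = form.get("qty", "")
    # Whitelist validation: digits only, then a range check. Anything else
    # (shell metacharacters, negatives, exponents) is rejected, never echoed.
    if not qty_field.isdigit():
        raise ValueError("qty is not a positive integer")
    qty = int(qty_field)
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")
    # The hidden field never feeds the price; it is compared only for detection.
    try:
        client_price = Decimal(form.get("price", ""))
    except InvalidOperation:
        client_price = None
    if client_price != item["price"]:
        events.append("price mismatch sku=%s client=%s catalog=%s"
                      % (form["sku"], client_price, item["price"]))
        log.warning(events[-1])
    return item["price"] * qty, events
```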

Web Security 16: Payment processing system
 The checkout process:
   1. Finalize the order
   2. Choose the method of payment
   3. Verify the chosen payment method
   4. Log all transactions
   5. Fulfill the order
   6. Generate a receipt

Web Security 17: Payment processing system
 The payment gateway interface (figure on the next slide):
   Interacts with the order information page, the back-end databases, and the payment gateway
   Provided by the institution that hosts the payment gateway (e.g., Verisign or PayPal)
   Integrated into the e-shopping application and invoked by the electronic storefront app.
   SSL-encrypted interface with the payment gateway (Q: what about the interfaces with the other components?)

Web Security 18: Payment processing system (diagram slide: the payment gateway interface)

Web Security 19: Payment processing system
 Payment system implementation issues:
   Never trust “sensitive” data passed from the client side. Why?
   Do not store temporary info within the Web server’s document folder. Why?
   Temporary info should be destroyed after its use.
   Use SSL to encrypt communication links. Why?
   Carefully protect user profiles!
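The first three points on slide 19, together with the cart-integrity and logging requirements from slides 13 and 16, come down to where cart state lives and who can reach it. The following is an added example, not code from the slides or the book: a server-side cart store that keeps each cart in a private directory outside the document root, binds it to a session id with an HMAC tag so one session cannot read another's cart, logs the transaction at checkout and then destroys the temporary record. `DOCROOT` is a hypothetical path and the secret is constructed for the example.

```python
import hashlib
import hmac
import json
import os
import secrets
import tempfile

DOCROOT = "/var/www/html"   # hypothetical document folder served by the web server


class CartStore:
    """Server-side cart state. The browser only ever holds an opaque session id
    plus an HMAC tag; prices, totals and payment details never round-trip."""

    def __init__(self, secret, base_dir=None):
        self.secret = secret
        self.base_dir = base_dir or tempfile.mkdtemp(prefix="carts-")
        # Refuse to keep temporary order data anywhere the web server would serve it.
        real = os.path.realpath(self.base_dir)
        if os.path.commonpath([real, DOCROOT]) == DOCROOT:
            raise ValueError("cart storage must not live under the document root")

    def _tag(self, sid):
        return hmac.new(self.secret, sid.encode(), hashlib.sha256).hexdigest()

    def _path(self, sid, tag):
        # A forged or swapped session id fails here, so carts cannot be mixed up.
        if not hmac.compare_digest(self._tag(sid), tag):
            raise PermissionError("session token failed integrity check")
        return os.path.join(self.base_dir, sid + ".json")

    def new_session(self):
        sid = secrets.token_hex(16)
        return sid, self._tag(sid)

    def save(self, sid, tag, cart):
        with open(self._path(sid, tag), "w") as f:
            json.dump(cart, f)

    def load(self, sid, tag):
        with open(self._path(sid, tag)) as f:
            return json.load(f)

    def finalize(self, sid, tag, audit_log):
        """Checkout: log the transaction, then destroy the temporary cart record."""
        path = self._path(sid, tag)
        cart = self.load(sid, tag)
        audit_log.append({"session": sid, "items": cart})
        os.remove(path)
        return cart
```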