ANSWER TO QUESTION ONE
Organizations implement various countermeasures to protect data from vulnerabilities. The countermeasures are integrated into the design phase of the target e-commerce web application. Therefore, a thorough and comprehensive assessment of all the risks and vulnerabilities that an e-commerce web application might face is carried out in that phase. The key and target information assets that the e-commerce web application might hold are identified; these may include credit card numbers, users' transaction details, configuration information and user identification (Niranjanamurthy & Chahar 12). The information assets are then categorized according to sensitivity. The developers then analyse the vulnerability probabilities of the system according to the chosen tentative architecture. The vulnerabilities are listed, the system countermeasure design is undertaken from that list, and the architecture is modified accordingly. The countermeasures have to accommodate secure coding approaches such as a three-tier modular architecture and strict routines for input validation.
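The "strict routines for input validation" mentioned above can be illustrated with a small allow-list validator for a cart line item. This is an added example and not code from the source or from any project; the field names (`sku`, `quantity`, `email`), the SKU format and the quantity bound are assumptions chosen for the example. The point is that untrusted form data is checked against an explicit allow-list of fields, formats and ranges, and that the price is never taken from the client but looked up from the server-side catalogue:

```python
import re
from decimal import Decimal

# Assumed allow-list rules for this example (not from the source).
SKU_RE = re.compile(r"^[A-Z0-9]{3,12}$")          # product codes are short, upper-case alphanumerics
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
MAX_QUANTITY = 100
ALLOWED_FIELDS = {"sku", "quantity", "email"}

# Constructed server-side catalogue: the price comes from here, never from the request.
CATALOGUE = {
    "ABC123": Decimal("19.99"),
    "XYZ900": Decimal("250.00"),
}


class ValidationError(ValueError):
    """Raised when a request field fails the allow-list check."""


def validate_order_item(raw: dict) -> dict:
    """Validate an untrusted cart line item and return a typed, canonical copy.

    Every field is checked positively (what is allowed) rather than negatively
    (what is forbidden): unknown keys are rejected, every expected key must be
    present, strings must match a fixed pattern, and numbers are parsed with
    strict type and range checks before they are used.
    """
    if not isinstance(raw, dict):
        raise ValidationError("item must be an object")

    unexpected = set(raw) - ALLOWED_FIELDS
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    missing = ALLOWED_FIELDS - set(raw)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")

    sku = raw["sku"]
    if not isinstance(sku, str) or not SKU_RE.fullmatch(sku):
        raise ValidationError("sku has an invalid format")
    if sku not in CATALOGUE:
        raise ValidationError("unknown sku")

    # Accept an int or a string of digits only; bool is a subclass of int, so exclude it.
    quantity = raw["quantity"]
    if isinstance(quantity, bool) or not isinstance(quantity, (int, str)):
        raise ValidationError("quantity must be an integer")
    if isinstance(quantity, str):
        if not quantity.isdigit():
            raise ValidationError("quantity must be an integer")
        quantity = int(quantity)
    if not 1 <= quantity <= MAX_QUANTITY:
        raise ValidationError(f"quantity must be between 1 and {MAX_QUANTITY}")

    email = raw["email"]
    if not isinstance(email, str) or len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise ValidationError("email has an invalid format")

    unit_price = CATALOGUE[sku]
    return {
        "sku": sku,
        "quantity": quantity,
        "email": email.lower(),
        "unit_price": unit_price,
        "line_total": unit_price * quantity,
    }


if __name__ == "__main__":
    # Constructed sample request bodies.
    good = {"sku": "ABC123", "quantity": "2", "email": "Buyer@Example.com"}
    print(validate_order_item(good))
    for bad in (
        {"sku": "ABC123' OR 1=1--", "quantity": 1, "email": "a@b.io"},
        {"sku": "ABC123", "quantity": -5, "email": "a@b.io"},
        {"sku": "ABC123", "quantity": 1, "email": "a@b.io", "price": "0.01"},
    ):
        try:
            validate_order_item(bad)
        except ValidationError as exc:
            print("rejected:", exc)
```

Rejecting the client-supplied `price` field is deliberate: a validator that only checks formats but lets the client set prices still leaves the application open to tampering with the transaction details named as a key asset above.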
ANSWER TO QUESTION TWO
A typical e-commerce application has six different functions: a registration function, a cart or basket function, a payment function, a function for product management, a function for order management and a function for shipping costs and VAT deductions.
Misconfigured and unpatched web server services are a vulnerability in which the web server's safeguards are assembled incorrectly, leaving voids or holes within the framework of the security structure. Such unpatched misconfigurations can allow an attacker inside the system and hence compromise its security.
Insecure development coding practices are a type of vulnerability in which the developer produces a program that is susceptible to attack because the secure coding standards were not observed.
Weak passwords with no two-factor authentication or password life cycle are another type of vulnerability: weak passwords without two-factor authentication become vulnerable to brute-force attacks and to stolen password databases.
ANSWER TO QUESTION THREE
In order to minimize the risks of unpatched, misconfigured web server services, the developer implements operating system and web service hardening and patching requirements that incorporate a continuous monitoring, patch and vulnerability management system.
To minimize the vulnerability risk due to insecure development coding practices, the developer has to apply secure coding practices throughout the development life cycle. Such safe practices have to incorporate third-party code scanning services, including static self-protection, dynamic self-protection and production runtime self-protection.
Minimizing the vulnerability risk due to weak passwords requires the implementation of a strong password policy that combines complexity, history and password age. The password should be complemented by a two-factor authentication solution that delivers a one-time passcode to a trusted email address or registered device.
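The password policy described in this answer (complexity, history and age) and the one-time passcode factor can be expressed as a small enforcement module. This is an added example written for this page, not code from the source; the concrete thresholds (12-character minimum, three character classes, five remembered passwords, 90-day maximum age) are assumptions chosen for the example. Password history is kept as salted PBKDF2 hashes so that old passwords are never stored in clear, and the one-time passcode is the standard HMAC-based OTP of RFC 4226, which is what a registered authenticator device would compute:

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Assumed policy thresholds for this example (not from the source).
MIN_LENGTH = 12
MIN_CHARACTER_CLASSES = 3
HISTORY_DEPTH = 5
MAX_PASSWORD_AGE = timedelta(days=90)
PBKDF2_ITERATIONS = 100_000

HistoryEntry = Tuple[bytes, bytes]  # (salt, pbkdf2 digest)


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Salted PBKDF2-HMAC-SHA256 hash; a fresh random salt is used for new entries."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def complexity_errors(password: str) -> List[str]:
    """Length and character-class rules of the complexity requirement."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"must be at least {MIN_LENGTH} characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    present = sum(1 for pattern in classes if re.search(pattern, password))
    if present < MIN_CHARACTER_CLASSES:
        errors.append(f"must contain at least {MIN_CHARACTER_CLASSES} character classes")
    return errors


def in_history(password: str, history: List[HistoryEntry]) -> bool:
    """History rule: re-hash the candidate with each stored salt and compare in constant time."""
    recent = history[-HISTORY_DEPTH:]
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in recent)


def evaluate_new_password(candidate: str, history: List[HistoryEntry]) -> List[str]:
    """Return every policy violation for a proposed password (empty list means accepted)."""
    errors = complexity_errors(candidate)
    if in_history(candidate, history):
        errors.append(f"must not match any of the last {HISTORY_DEPTH} passwords")
    return errors


def password_expired(changed_at: datetime, now: Optional[datetime] = None) -> bool:
    """Age rule: force a change once the password is older than MAX_PASSWORD_AGE."""
    now = now if now is not None else datetime.now(timezone.utc)
    return now - changed_at > MAX_PASSWORD_AGE


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time passcode, as computed by a registered device."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_otp(secret: bytes, counter: int, submitted: str) -> bool:
    """Server-side check of the passcode for the expected counter value."""
    return hmac.compare_digest(hotp(secret, counter), submitted)


if __name__ == "__main__":
    # Constructed account state: two previous passwords and a last-change date.
    history = [hash_password("Winter2023!!"), hash_password("Spring2024!!")]
    print(evaluate_new_password("Spring2024!!", history))   # rejected: in history
    print(evaluate_new_password("short", history))          # rejected: too short / too few classes
    print(evaluate_new_password("Correct-Horse-7-Battery", history))  # accepted: []
    print(password_expired(datetime.now(timezone.utc) - timedelta(days=120)))  # True
    device_secret = b"12345678901234567890"  # RFC 4226 test secret
    print(hotp(device_secret, 0), verify_otp(device_secret, 0, "755224"))
```

The history check deliberately re-hashes the candidate under each stored salt rather than comparing plaintext, so the only cost of a deeper history is CPU time, not a larger exposure if the credential store is ever stolen.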
- Niranjanamurthy, M., and Dharmendra Chahar. "The study of e-commerce security issues and solutions." International Journal of Advanced Research in Computer and Communication Engineering 2.7 (2013).