System Hardening
In Web commerce systems, it is important to reduce the attack surface of the platforms involved by reducing or eliminating as many vulnerabilities as possible. Hardening can be accomplished by incorporating intrusion detection systems, installing anti-virus software, removing all non-essential software programs and services, closing all unnecessary ports, and generally configuring a system to protect it against unauthorized access. In this section, hardening will be addressed relative to Web commerce service level security, host level security, and network security.
Service Level Security
Web service level security is necessary for e-commerce providers and users to conduct business with transactional integrity. Because Web commerce systems involve electronic payment transactions that are attractive targets for attacks and fraud, it is critical that Web service level security is incorporated into the corresponding servers and applications.
Web Servers
The World Wide Web was developed based on the Hypertext Transfer Protocol (HTTP) and the Hypertext Markup Language (HTML). HTTP resides in the Application Layer of the TCP/IP stack along with other protocols, including FTP, Telnet, SSL, and SMTP. It is a transport protocol that is used to exchange information on the World Wide Web between an originating client or user agent such as a Web browser and a destination or origin server. HTML is one of the languages that is used to develop Web pages on the destination server. ...
Get Web Commerce Security Design and Development now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.