Welcome to SecurityDocs


Common Security Vulnerabilities in e-commerce Systems

by K. K. Mookhey

The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting. This article discusses these vulnerab...

Sept. 25, 2017 1 comment Symantec Pen Testing & Audits

Introduction to IT Security

by Zainab Nawal

Within the last fifty years, technology has conspicuously emerged as a striking tool in the lives of many people. Technology is encapsulated aggregately in digital computers, which tend to fulfill the needs of people in their daily lives. During the 1950s, when the first digital computer, UNIVAC I, was introduced, it was known to few people and mostly found in research laboratories (McCarthy and Stafford, 2003). But now, as IT has advanced, people have become conscious of the security of their IT systems. The a...

Sept. 17, 2017 4 comments 4 minute read Encryption & Authentication

Inspection Grade Card for Conducting E-Commerce

by Andrew McAllister

For e-commerce site owners: Using the “grade card” above, have a competent computer security specialist review each e-commerce site in the organization. Descriptions of each category and item to be graded are provided in the text below. Use the descriptions and sample questions to prepare for the inspection. You will receive a letter grade in each of the seven categories. To pass the inspection you must receive a letter grade of “C” (75%) or higher in each category. Higher scores mean...

Sept. 1, 2017 0 comments SANS Institute

eCommerce and Defense in Depth

by Clayton Dillard

There has never been a time when so many businesses have offered their products over the Internet as now. No matter what your company is selling or who your customers are one truth remains concerning eCommerce - Security is critical. Every day hundreds of online commerce sites are broken into. You may not read about it in the paper or see it on the evening news but it happens. Some of these attacks and subsequent breaches go unnoticed even by those who are charged with the duty of maintaining...

Sept. 1, 2017 0 comments SANS Institute Detection & Response

Unique Characteristics of Ecommerce Technologies and their Effects upon Payment Systems

by Stephen Burns

Payments are the life-blood of commerce. With the shift to electronic means of doing business it is logical that payments will follow the same route. This has been the case as electronic means of making payments have rapidly evolved since the first computers were installed in the banking and finance system. However, initially, the electronic payment systems were under the tight control of the banks with bank personnel being the payment initiators. Even with the introduction of ATM’s and EFT...

Sept. 1, 2017 0 comments SANS Institute

Shopping for Security

by Kimberly Lemieux

As the internet evolves and organizations establish or enrich their web presences, people are interacting with an evolutionary, exciting, and efficient technological tool for conducting business. Today, the public enjoys shopping and banking from the comfort of their home while companies save money on processing transactions and hiring employees. However, with any innovation, there are obstacles to overcome before the venture is deemed successful. In ebusiness, encompassing any transaction...

Sept. 1, 2017 0 comments SANS Institute Management

Information Security Issues in E-Commerce

by David Olkowski

The Internet has evolved far beyond the collection of research and government technology labs and communications centers for which it was founded. The opening of access points on this global collection of local networks to commercial enterprises in the early 1990's spurred numerous innovations to produce immense increases in speed of transfer and quantity of storage of data capital. The means of competing in a free market economy adapted, and productivity increased at a much faster pace in ...

Sept. 1, 2017 0 comments SANS Institute

A Trusted Smart Phone and Its Applications in Electronic Payment

by Changying Zhou

With the growing intelligence and popularity of mobile phones and the trend of cellular network’s convergence to IP based network, more and more mobile applications emerge on the market. This paper analyzes the building blocks of the trusted smart phone and proposes a framework to provide a trusted platform for mobile electronic payment

Sept. 1, 2017 0 comments SANS Institute

Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data

by nuBridges, inc

The scope of PCI DSS compliance for any organization is significant both in terms of effort and cost. In a PCI DSS audit, all systems, applications and processes that have access to credit card information, whether encrypted or unencrypted, are considered in scope. The October 2008 update of the PCI DSS documentation (version 1.2) states that companies can reduce the PCI DSS audit scope using network segmentation to isolate the cardholder data in a secure segment. From an applicatio...

Sept. 1, 2017 0 comments SANS Institute Management
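To make the scope-reduction argument concrete: a token vault replaces each primary account number (PAN) with a random surrogate of the same length that keeps only the last four digits, so every system that stores or processes the token never holds cardholder data and drops out of the PCI DSS audit; only the vault stays in scope. The example below is added for this listing and is not nuBridges' code or product; the in-memory dictionaries and the constructed test number 4111111111111111 are assumptions standing in for an HSM-backed store and real card data.

```python
"""Tokenizing PANs so downstream systems leave PCI DSS scope (added example)."""
import secrets


def luhn_valid(pan: str) -> bool:
    """Return True when pan (digits only, 13-19 digits) passes the Luhn mod-10 check.

    Used on input to reject garbage before it enters the vault, and on output to
    reject any candidate token that would itself look like a valid card number.
    """
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan_or_token: str) -> str:
    """Display form for receipts and screens: only the last four digits remain."""
    return "*" * (len(pan_or_token) - 4) + pan_or_token[-4:]


class TokenVault:
    """Maps PANs to random, format-preserving tokens and back.

    In-memory dicts are an assumption; a real vault sits on an HSM-backed,
    access-controlled store and is the only component that remains in scope.
    """

    def __init__(self) -> None:
        self._pan_to_token: dict[str, str] = {}
        self._token_to_pan: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid PAN")
        # Same PAN always yields the same token, so fraud analytics and
        # recurring billing keep working on tokens alone.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]          # keep last four for customer display
            # Reject a token that equals the PAN, collides with an existing
            # token, or passes Luhn (it must not be mistakable for a card number).
            if token != pan and token not in self._token_to_pan and not luhn_valid(token):
                break
        self._pan_to_token[pan] = token
        self._token_to_pan[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only the payment gateway connector should ever call this."""
        return self._token_to_pan[token]


SAMPLE_PAN = "4111111111111111"  # constructed test number, not a real card


def demo() -> dict:
    """Run one tokenize/detokenize round trip and return what a checker needs."""
    vault = TokenVault()
    token = vault.tokenize(SAMPLE_PAN)
    return {
        "token": token,
        "masked": mask(token),
        "stable": vault.tokenize(SAMPLE_PAN) == token,
        "round_trip": vault.detokenize(token) == SAMPLE_PAN,
    }


if __name__ == "__main__":
    print(demo())
```

Everything that touches only the token (order database, CRM, reporting) can then be segmented away from the vault; the audit boundary shrinks to the vault and the single connector that detokenizes for the acquirer.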

Security of Mobile Banking and Payments

by Vanessa Pegueros

A clear and emerging new channel in the space of banking and payments is mobile. A key challenge with gaining user adoption of mobile banking and payments is the customer’s lack of confidence in security of the services. Understanding the mobile banking and payments market and ecosystem is critical in addressing the security challenges. There are new security risks introduced with mobile banking and payments that must be identified and mitigated. There are risks that have both an existin...

Sept. 1, 2017 0 comments SANS Institute

Protecting Small Business Banking

by Susan Bradley

Online financial transactions are increasing exponentially; online attacks that attempt to capture credentials, intercept information, and divert funds from small businesses are as well. Small business owners are being increasingly targeted for financial based online crimes. Even worse, they are typically ill prepared and unable to take appropriate actions against the perpetrators of these crimes to recoup their losses. The current legal environment in the United States leaves these small ...

Sept. 1, 2017 0 comments SANS Institute

An Overview of Session Hijacking at the Network and Application Levels

by Mark Lin

With the business of ecommerce booming, more and more sensitive information is being passed around on the web. Financial and identity information are constantly at risk of being stolen as more and more users take advantage of the ease of doing business online through web applications. The purpose of this paper is to discuss one particularly salient security threat that this creates: session hijacking. It is important to understand this threat and to make an effort to design networks and appli...

Sept. 1, 2017 0 comments SANS Institute Encryption & Authentication

"SET" to Pull Down the Insecurity Barrier in Front of E-commerce

by Onur Arikan

Thousands of people use their credit cards every day to make payments over the Internet. But giving out their credit card numbers still makes many of them feel insecure, and others even reluctant to use the net, although all the technical possibilities are there. For this reason, to encourage even more customers into electronic commerce, they should be assured that the credit card numbers are totally safe and not seen by anybody throughout the process. And this is exactly what "Secure Electroni...

Sept. 1, 2017 0 comments SANS Institute