Designing Security Components for an Online Auction Site Essay

Updated: Nov 30th, 2023

Introduction

Online transactions are a common day-to-day practice for the majority of the modern generation. The convenience, simplicity and reliability associated with online transactions are, for lack of a better term, magnificent. As with all good things, they also have their hitches.


The biggest problem with online transactions at present is security. This is a result of system developers employing unsafe coding practices. As a result, malicious people are always on the lookout for ways to interfere with these systems. Over the years, security in online transactions has become such a hot issue that it has opened up a new billion-dollar industry dealing with online security concerns.

This paper will look at one online auction system, USA (Universal System for Auction), from a broad perspective, particularly on the issue of security. It will look at the loopholes that have allowed the company's image to be defaced into that of an insecure system. Finally, the paper will give probable solutions that should be implemented in the system to curb the situation and regain customer confidence in it.

Possible entry methods for the system

Cross site scripting

The system’s architecture has three main layers: the transport architecture, the application architecture and the database, which together form the USA. A keen analysis of the architecture and design used for this auction system reveals various loopholes that could be the most probable pathways used by hackers to gain access to the system.

One of the possible ways is cross-site scripting. Almost all websites today are shifting from the era of static content on a webpage to dynamic content, which is used to make the customer's experience more thrilling.

The term dynamic content refers to content that is generated by a server process and that, on delivery, behaves differently according to the customer’s custom settings. A website that serves a static page has total control over how the page is interpreted by the client and the browser. A dynamic website, on the other hand, cannot control how the browser or user interprets its content.

This opens a gateway for untrusted material on the page, which will be detected by neither the browser nor the client. The user innocently clicks on malicious links that are dynamically generated. Once a hacker has captured the user’s information, they can, for example, take over the user's session before the cookie expires, or connect the user to malicious servers. This is one of the loopholes available in the USA system (Lee, “Cross site scripting”).


Injection flaws

Another possible attack method is injection flaws. This is where attackers use web applications to transmit harmful code to another system. Various methods of attack exist, including system calls to the server operating system, the use of external programs through shell commands, and SQL injection through backend databases.

Many web applications rely on external programs and operating system features to perform their operations. When a web application passes on information from an HTTP request, that information needs to be carefully checked for malicious content or characters. This is because attackers often insert extra characters or commands into the information, which the web application carelessly passes on and the external system then executes.

In this way the attacker is able to access all the information they want from the external system. This is especially the case with USA: being a dynamic website, the system relies on multiple web applications, which opens it up to all these attack possibilities (“Injection flaws” n.p).

Path traversal

Path traversal is another possible method that can be used to access data from the USA system. Here a hacker looks at the transport architecture of a system and targets directories whose storage location is outside the website's root folder. USA is a classic example of this, as revealed by the design architecture of the system.

An attacker will use the system posing as a potential client while searching for links to files that are stored on the server. On identifying such files, he or she then resorts to manipulating the variables that reference them with (../) sequences. Through this method the attacker is able to gain access to arbitrary files on the target file system (“Path traversal” n.p).

Proposed solutions to problems

These are a few of the methods attackers use to hack into the system. Various measures can, however, be implemented to curb them. To curb cross-site scripting, web developers can adopt more secure coding practices. They need to protect their sites from harmful content supplied by attackers.

This is best achieved by ensuring that dynamically produced pages do not relay unsafe content. The client also has a role to play in maintaining safety. The first solution, which is by far the most effective, is disabling scripting languages in one’s browser and in HTML mail clients as well. This is the safest way to avoid the problem of cross-site scripting; however, once it is implemented the browser loses some functionality.


The second way for clients to keep themselves safe is by disciplining their internet habits. This means strictly keeping to links from the main, genuine website and avoiding any diversions. If adhered to, this method is effective and more advantageous than the previous one, as the browser still maintains all its functionality (Lee, “Cross site scripting”).
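The server-side half of the advice above, that dynamically produced pages must not relay unsafe content, can be shown with output encoding plus a link-scheme allowlist. This is an added example, not code from the essay or from the USA system; the function names, the allowlist and the sample listing values are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit

# Assumption for this example: listings may only link to http(s) pages.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample input standing in for seller-supplied listing fields.
SAMPLE_TITLE = "<script>alert(1)</script>"
SAMPLE_URL = "javascript:alert(1)"

def render_listing_unsafe(title: str, url: str) -> str:
    """Weak form: user-supplied text is relayed into the page unchanged."""
    return '<li><a href="' + url + '">' + title + "</a></li>"

def safe_href(url: str) -> str:
    """Return an attribute-safe link, or "#" when the scheme is not allowed.

    Relative URLs have no scheme and are also replaced by "#" here.
    """
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return "#"
    return escape(url, quote=True)

def render_listing(title: str, url: str) -> str:
    """Hardened form: the title is HTML-encoded and the link is vetted."""
    return '<li><a href="{}">{}</a></li>'.format(
        safe_href(url), escape(title, quote=True)
    )

if __name__ == "__main__":
    print(render_listing_unsafe(SAMPLE_TITLE, SAMPLE_URL))
    print(render_listing(SAMPLE_TITLE, SAMPLE_URL))
```
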

Injection flaws pose a great risk to online auctions, particularly the USA system. The most basic method of protection is avoiding external applications at the basic level of site design. Programmers should refrain from allowing external applications to connect easily with their applications without thorough scrutiny of those applications. When implementing back-end calls to the database, programmers must ensure that the data provided is carefully checked for anything malicious.

This is best achieved by ensuring that all requests to or from a database are handled as data, as opposed to executable material, which opens a path for malicious content. Another defence against injection attacks is ensuring that web applications run only with the privileges they need to perform their work and are not allowed to run under the DBADMIN environment when accessing databases (“Injection flaws” n.p).
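Both recommendations above can be seen side by side in a small SQLite session: a request value concatenated into SQL versus the same value bound as data, and a lookup connection stripped of write access. This is an added example, not code from the essay or the USA system; the table, the function names and the input are constructed, and SQLite's `query_only` pragma stands in for running under a non-administrative database account.

```python
import sqlite3

# Constructed request value of the kind the essay describes: extra
# characters appended to what should be a plain bidder name.
CONSTRUCTED_INPUT = "nobody' OR '1'='1"

def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory table of auction bids."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bids (bidder TEXT, item TEXT, amount INTEGER)")
    db.executemany(
        "INSERT INTO bids VALUES (?, ?, ?)",
        [("alice", "clock", 40), ("bob", "clock", 55), ("carol", "vase", 90)],
    )
    db.commit()
    return db

def bids_concatenated(db, bidder):
    """Weak form: the value becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT item, amount FROM bids WHERE bidder = '" + bidder + "'"
    return db.execute(sql).fetchall()

def bids_parameterized(db, bidder):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT item, amount FROM bids WHERE bidder = ?"
    return db.execute(sql, (bidder,)).fetchall()

def restrict_to_reads(db):
    """Least privilege for a lookup path: this connection can no longer write."""
    db.execute("PRAGMA query_only = ON")
    return db

def write_is_refused(db) -> bool:
    """True when the database rejects a write on this connection."""
    try:
        db.execute("DELETE FROM bids")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    conn = make_db()
    print(len(bids_concatenated(conn, CONSTRUCTED_INPUT)), "rows via concatenation")
    print(len(bids_parameterized(conn, CONSTRUCTED_INPUT)), "rows via parameters")
    print("write refused:", write_is_refused(restrict_to_reads(conn)))
```
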

Path traversal can be checked in a number of ways. One is to be strict about user input, especially when dealing with file system calls. This will ensure that no malicious data is conveyed. Another key method is to use indexes for file names instead of the actual names.

This conceals the information better. A designer should also ensure that users do not have the permissions needed to supply complete traversal paths, by encoding paths. Finally, another key method for curbing path traversal is making sure that the user’s input is categorised, with the ‘bad’ input being rejected (“Path traversal” n.p).
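The index-based lookup and the rejection of bad input described above can be combined as follows. This is an added example, not code from the essay or the USA system; the catalogue, the directory layout and the function names are assumptions, and the files are constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

# Assumed for illustration: index -> file name. Clients send only the index.
CATALOG = {17: "lot-17.jpg"}

def build_store() -> Path:
    """Constructed sample layout: a public images/ folder beside a private file."""
    root = Path(tempfile.mkdtemp()).resolve()
    (root / "images").mkdir()
    (root / "images" / "lot-17.jpg").write_bytes(b"jpeg-bytes")
    (root / "secret.cfg").write_text("placeholder")
    return root

def open_by_index(base: Path, index: int) -> bytes:
    """Index lookup: no user-supplied text ever reaches a file system call."""
    name = CATALOG.get(index)
    if name is None:
        raise KeyError("unknown file index")
    return (base / name).read_bytes()

def resolve_inside(base: Path, user_name: str) -> Path:
    """Where a name must be accepted: resolve it, then require containment."""
    base = base.resolve()
    target = (base / user_name).resolve()  # collapses ../ and follows symlinks
    if os.path.commonpath([str(base), str(target)]) != str(base):
        raise ValueError("path escapes the base directory")
    return target

def is_rejected(base: Path, user_name: str) -> bool:
    """True when the supplied name resolves outside the base directory."""
    try:
        resolve_inside(base, user_name)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    images = build_store() / "images"
    print(open_by_index(images, 17))
    print(is_rejected(images, "lot-17.jpg"), is_rejected(images, "../secret.cfg"))
```
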

Proposed architecture to the improved system

Given these recommendations, it is best to give a pictorial layout of how a secure system for USA should work. Various sections of the architecture have been further protected to ensure that data security is maintained at the highest level. Below is the architecture:

Proposed architecture to the improved system Chart.

This architecture represents the path between the client and each of the servers available. This way, data security is kept at its best, reducing the cases of attackers getting into the system.


Conclusion

In conclusion, this paper has been invaluable in helping analyse the possible loopholes that might have led to the destruction of the USA system. With the implementation of the recommended changes, the system is bound to be secure and safe to return to online auctions and regain its name as a safe haven for online trade. It is thus important that all the recommendations made be followed to the letter.

Works Cited

“Injection Flaws.” The Open Web Application Security Project. OWASP, n.d. Web.

Lee, Paul. “Cross Site Scripting.” Developer Works, 01 Sep 2002. Web.

“Path Traversal.” The Open Web Application Security Project. OWASP, n.d. Web.
