EC app security

From: Stout, Bill (StoutB@PIONEER-STANDARD.COM)
Date: Mon Apr 19 1999 - 11:00:36 PDT

    Has anyone done a security audit/analysis of Electronic Commerce software
    packages, such as catalog, database, and payment systems rolled into one?
    There seems to be a deafening silence on what seems to be the most
    vulnerable products.  Most bug issues are at the 'bit level' (O.S., stack,
    or services) and not typically at the higher layer applications or workflow
    process.
    
    One experience: searching for database performance info one day, and pulling
    up the 'catalog administrator' page of one (political) commerce site.  Had a
    hell of a time convincing the admin that that was a problem, without
    actually changing anything.
    
    Bill Stout
    


