A Penetration Testing Method for E-Commerce Authentication System Security
E-Commerce systems are suffering more and more security issues. Vulnerabilities of authentication systems are revealed when various attacks and malicious abuses are developed and deployed to violate security of system and information. To improve the ability to defend authentication system against invasion and abuse, a novel penetration testing method for E-Commerce authentication system is proposed to scrutinize the vulnerabilities of e-Commerce authentication system and evaluate severity level of potential vulnerabilities. The penetration testing method is an active vulnerability analysis and verification method that can mimic active attacks and perform exploitations by constructing effective and concise penetration testing cases. Through analyzing dynamic taint propagation, the presented method can determine feasibility of the attacks and evaluate security of authentication system. The experiment demonstrates the proposed method can serve as a viable and effective candidate for security detection of authentication system.
penetration testing e-Commerce authentication system program vulnerability
Wei Pan Weihua Li
School of Computer Science Northwestern Polytechnical University Shaanxi, Xian, 710129, China
国际会议
南昌
英文
449-453
2009-09-01(万方平台首次上网日期,不代表论文的发表时间)