Sen-Tarng Lai
I. INTRODUCTION
II.
[Figure 1 (pie chart): Very worried 34%; Worried 50%; two further segments of 15% and 1%, labels not recovered.]
Figure 1. In network transactions, 84% of people are concerned about personal data being stolen.
III.
[Figure (caption not recovered). Diagram labels: External Entity; E-commerce Application Server; External Entity; Client Site; E-commerce Data Base; D; C; Data Collector.]
[Figure 3 (flow chart). Labels: Start; Feedback; Security Requirements; Requirement validation; Routine Security testing; Security Event Detection; Terminal.]
Figure 3. MLSPS operation flow chart
requirement. An e-commerce system should satisfy four security requirements: authorization, integrity, privacy and non-repudiation. The requirement validation activities are used to control and manage the security of the e-commerce system. The second layer of MLSPS is a routine security testing procedure, which uses VS tools and a PT strategy to identify e-commerce security vulnerabilities and defects. Vulnerabilities and defects can then be identified and repaired in time, before a security event occurs, which reduces security event risk. Intrusions by hackers and malicious users, and abnormal security events, can be concretely reduced. The routine security testing procedure includes four phases, described as follows (shown in Fig. 4):
(1) Test presetting phase
• Fully collect and parse the high-frequency security vulnerabilities and defects.
• According to the routine security testing operation, prepare a well-defined security testing plan.
(2) Test execution phase
• According to the security testing plan and test cases, execute security testing and identify security vulnerabilities and defects.
(3) Problem identification phase
• Verify the identified security vulnerabilities and defects.
• Isolate the affected environment items or software functional modules.
(4) Repair phase
• Repair the security vulnerabilities and defects.
• Evaluate the result of the security improvement.
[Figure (caption not recovered). Flow chart labels: Security Event Detection Procedure; DC inserting phase; Security event judgment rule; Lightly; Seriously; Temporary terminate phase; Penetration Testing; Problem identification phase; Repair phase.]
CONCLUSION