{"id":65583,"date":"2017-08-08T17:43:20","date_gmt":"2017-08-08T14:43:20","guid":{"rendered":"https:\/\/www.mywot.com\/en\/blog\/?p=65583"},"modified":"2025-01-07T11:37:18","modified_gmt":"2025-01-07T09:37:18","slug":"ecommerce-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities","title":{"rendered":"Common Vulnerabilities in E-Commerce Systems and How to Identify Them"},"content":{"rendered":"<h2><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-65585\" src=\"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2017\/08\/Blog-Image-6.png\" alt=\"Top Risks In E-Commerce\" width=\"800\" height=\"475\" srcset=\"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2017\/08\/Blog-Image-6.png 800w, https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2017\/08\/Blog-Image-6-300x178.png 300w, https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2017\/08\/Blog-Image-6-768x456.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/h2>\n<p>We\u2019ve looked at the scams that target online consumers as they hand their private details to unseen criminals while shopping for clothes, buying gifts, ordering groceries, and banking online, but what\u2019s going on behind the scenes of these e-commerce websites? As more of our transactions move online, attacks on the payment systems behind them are rising too, and those systems are only as secure as the application code that runs them. 
Even Facebook has had its share of privacy problems, but at least there are practical ways to <a href=\"https:\/\/www.mywot.com\/blog\/take-back-facebook-privacy\">take back your Facebook privacy<\/a>.<\/p>\n<p>As far as online payment systems go, criminals aren\u2019t only attacking published vulnerabilities in the reusable third-party components that websites build on, such as shopping cart software (the \u201cadd to cart\u201d and \u201cproceed to checkout\u201d parts), but also the vulnerabilities that can exist in any web application (SQL injection, cross-site scripting, and so on). So why do security vulnerabilities arise in shopping cart and online payment systems? Partly because of the wide exposure of any public website and the financial nature of the transactions, which together make these systems attractive targets. Add to that the fact that many web developers are not well versed in secure programming techniques and are under pressure to meet deadlines and beat the competition in the fast-moving e-commerce world. Finally, most online shops are inherently intricate, and customers\u2019 ever-growing requirements demand complex designs and programming logic, which leaves more room for mistakes.<\/p>\n<p>Often, e-commerce sites flaunt their 128-bit SSL (TLS, in today\u2019s terms), Thawte or Verisign certificates as proof that their sites are well secured. A certificate only proves that traffic between the browser and the server is encrypted, though; it says nothing about how the application handles that data once it arrives. A customer\u2019s strong password, for example, is no help if the site leaks it through a vulnerable application, and weak or reused passwords in any case <a href=\"https:\/\/www.mywot.com\/blog\/how-long-to-crack-password\">don\u2019t take cyber-crime experts long to crack<\/a>. 
Rising cybercrime is part of the picture (just Google <a href=\"https:\/\/www.mywot.com\/blog\/category\/internet-security\">internet security articles<\/a> for a wake-up call), but the flaws described below live in the website\u2019s own code, and it is the website\u2019s responsibility to fix them.<\/p>\n<h2>Main Vulnerabilities Out There<\/h2>\n<p>Some attacks against online payment systems exploit well-known, published classes of vulnerability; others are only discovered during a penetration test of the specific site. Either way there is a slew of different types, and the impact ranges from price manipulation to loss of confidentiality, a crippled website, or an e-commerce business going under altogether. Here are the most common vulnerabilities.<\/p>\n<p><strong>SQL Injection<\/strong><\/p>\n<p>This attack occurs when user input containing SQL meta-characters (quotes, comment sequences, statement separators) is concatenated straight into a database query, so that the attacker\u2019s SQL is executed by the back-end database; exactly what the attacker can do depends on which database is in use. On a vulnerable site the results range from a detailed error message that discloses the back-end technology, to access to restricted areas of the site, execution of operating system commands, or direct access to highly sensitive data such as credit card numbers and transaction details.<\/p>\n<p><strong>Cross-site Scripting<\/strong><\/p>\n<p>Cross-site Scripting (XSS) attacks primarily target end-users and exploit two things: the web application\u2019s failure to validate input and encode output, and the trust the end-user places in a URL that carries the vulnerable web site\u2019s own name. The attack works <a href=\"https:\/\/www.mywot.com\/blog\/password-leaks\">no matter how secure the user\u2019s password is<\/a>, because the injected script runs inside the victim\u2019s already-authenticated browser session.<\/p>\n<p>A reflected XSS attack requires a page that accepts user input (a form field or a URL parameter), processes it, and prints the result back into a web page that contains the user\u2019s original input. 
If that input is printed out without being encoded, an attacker can embed JavaScript in it. The attacker crafts a URL to the real site with the script embedded and \u201csocial engineers\u201d the victim into opening it, for example with a spoof email that appears to come from the official site and asks them to click a link to verify their details. Because the link really does point at the official site, the address bar shows the legitimate domain and a valid HTTPS padlock, yet the injected script can redirect the victim to an attacker\u2019s lookalike site, rewrite the genuine page into a fake login or payment form, or silently send whatever the user types (credit card or social security number, etc.) to the attacker, in what amounts to a \u201cphishing scam\u201d launched from the genuine site. The usual advice to users, such as checking that a site begins with \u201chttps\u201d and not \u201chttp\u201d and the other ways of telling <a href=\"https:\/\/www.mywot.com\/blog\/is-a-website-secure\">whether a website is safe<\/a>, is still essential, but it is the site\u2019s own output encoding that actually stops this attack.<\/p>\n<p><strong>Price Manipulation<\/strong><\/p>\n<p>This vulnerability is almost unique to payment gateways and online shopping carts. Most commonly, the total price of the goods to be paid for is stored in a hidden HTML field of a dynamically generated checkout page, and the server trusts that field when the form comes back. An attacker can use a web application proxy to modify the final amount payable to any value they choose before the form is submitted. A quick way to identify it during testing is to lower the hidden total with a proxy and see whether the order is accepted at that price. If the site handles a high volume of transactions, the manipulation will probably slip by unnoticed or be discovered too late, and repeated attacks could cripple the provider\u2019s viability. The fix is for the server to recompute the total from its own catalog prices and the submitted quantities, and, where a hosted payment gateway is used, to check the amount the gateway reports against the order rather than against the posted value.<\/p>\n<h2>How to Counter These Vulnerabilities<\/h2>\n<p>The be-all-and-end-all is to build security into the web application at the design stage, including a detailed risk assessment in which the development team and security experts analyze the system\u2019s assets, its vulnerabilities, the likely threats, and the impact of each. Once these risks are listed, countermeasures for each one must be designed. 
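<\/p>\n<p>The three flaws above, as an added example that is not part of the original article: a toy Python checkout, standard library only (sqlite3 with a constructed in-memory catalog and sample orders), written first the vulnerable way and then the hardened way. The vulnerable functions trust a hidden <code>total<\/code> field, splice a customer name into a SQL string, and echo a name into HTML unencoded; the hardened ones recompute the price from the catalog, validate the quantity, parameterize the query, and HTML-encode the output. The table layouts, field names and sample data are assumptions made for the illustration.<\/p>\n

```python
import html
import sqlite3

# Added example, not code from the article. Catalog, orders, form fields and
# card digits below are constructed sample data for illustration only.


def make_db():
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE products (sku TEXT PRIMARY KEY, price_cents INTEGER)')
    db.executemany('INSERT INTO products VALUES (?, ?)',
                   [('JKT-1', 8999), ('SCF-1', 1999)])
    db.execute('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, sku TEXT, '
               'qty INTEGER, total_cents INTEGER, card_last4 TEXT)')
    db.executemany('INSERT INTO orders (customer, sku, qty, total_cents, card_last4) '
                   'VALUES (?, ?, ?, ?, ?)',
                   [('alice', 'JKT-1', 1, 8999, '4242'), ('bob', 'SCF-1', 2, 3998, '1111')])
    return db


# --- Vulnerable versions: the three flaws as the article describes them ---------

def checkout_vulnerable(db, customer, form):
    # Price manipulation: the amount charged is read from a hidden form field the
    # client controls, so a proxy-edited total=1 buys a jacket for one cent.
    total = int(form['total'])
    db.execute('INSERT INTO orders (customer, sku, qty, total_cents, card_last4) '
               'VALUES (?, ?, ?, ?, ?)',
               (customer, form['sku'], int(form['qty']), total, form['card_last4']))
    return total


def my_orders_vulnerable(db, customer):
    # SQL injection: the customer name is spliced into the query text, so the input
    # ' OR '1'='1 turns the WHERE clause into a tautology and returns every order.
    sql = "SELECT customer, card_last4 FROM orders WHERE customer = '%s'" % customer
    return db.execute(sql).fetchall()


def receipt_vulnerable(name):
    # Reflected XSS: user input is printed straight into the page.
    return '<p>Thank you, ' + name + '!</p>'


# --- Hardened versions ------------------------------------------------------------

def checkout_hardened(db, customer, form):
    # Input validation: only a small positive integer quantity is acceptable.
    qty = int(form['qty'])
    if not 1 <= qty <= 100:
        raise ValueError('invalid quantity')
    # Never trust the posted price: recompute the total from the server-side catalog.
    row = db.execute('SELECT price_cents FROM products WHERE sku = ?',
                     (form['sku'],)).fetchone()
    if row is None:
        raise ValueError('unknown product')
    total = qty * row[0]
    db.execute('INSERT INTO orders (customer, sku, qty, total_cents, card_last4) '
               'VALUES (?, ?, ?, ?, ?)',
               (customer, form['sku'], qty, total, form['card_last4']))
    return total


def my_orders_hardened(db, customer):
    # Parameterized query: the value travels separately from the SQL text, so any
    # quotes inside it are plain data and cannot change the query's structure.
    return db.execute('SELECT customer, card_last4 FROM orders WHERE customer = ?',
                      (customer,)).fetchall()


def receipt_hardened(name):
    # Output encoding: the browser renders <script> as text instead of executing it.
    return '<p>Thank you, ' + html.escape(name) + '!</p>'


def demo():
    db = make_db()
    # A checkout form whose hidden total was lowered to 1 cent in a proxy.
    tampered = {'sku': 'JKT-1', 'qty': '1', 'total': '1', 'card_last4': '9999'}
    tautology = "' OR '1'='1"
    payload = '<script>alert(1)</script>'
    return {
        'vuln_total': checkout_vulnerable(db, 'mallory', tampered),   # 1 cent
        'hard_total': checkout_hardened(db, 'mallory', tampered),     # 8999 cents
        'vuln_rows': len(my_orders_vulnerable(db, tautology)),        # every order
        'hard_rows': len(my_orders_hardened(db, tautology)),          # no match
        'alice_rows': len(my_orders_hardened(db, 'alice')),           # her own order
        'vuln_html': receipt_vulnerable(payload),
        'hard_html': receipt_hardened(payload),
    }


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, value)
```

<p>Running <code>demo()<\/code> shows the tampered form charged one cent by the vulnerable checkout and the catalog price by the hardened one, the tautology returning every stored order from the string-built query and none from the parameterized one, and the script tag surviving only in the unencoded receipt. The same pattern applies whatever framework the shop uses: prices and quantities are re-derived on the server, database calls take parameters, and anything reflected into a page goes through the template engine\u2019s encoder.<\/p>\n<p>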
These should include strict server-side input validation, parameterized database queries and output encoding to close the SQL injection and cross-site scripting holes described above, standard and well-reviewed cryptographic libraries and protocols rather than home-grown ones, a three-tier modular architecture that keeps the database off the public-facing tier, and other secure coding practices.<\/p>\n<h2>Conclusion<\/h2>\n<p>The vulnerabilities mentioned don\u2019t only apply to online payment systems or shopping carts, but to any type of web application. With e-commerce systems they are simply more severe, given the financial nature of the transactions. Companies can lose money and their reputations, and face lawsuits for violating customer privacy. Security must be a primary goal in designing such websites if customers are to have any real assurance of safety. Consumers, on the other hand, hold the responsibility to become au fait with <a href=\"https:\/\/www.mywot.com\/blog\/safe-web-surfing-tips\">tips for browsing safely<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We\u2019ve looked at the scams that can hit online consumers while they\u2019re enthusiastically dishing out their private details to unseen criminals whilst clothes shopping online, buying gifts, ordering groceries, and doing their banking, but what\u2019s going on behind the scenes of these e-commerce websites? 
While we\u2019re increasingly doing our transactions online and facing a rise [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":65586,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_links_to":"","_links_to_target":""},"categories":[40],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Common Vulnerabilities in E-Commerce &amp; How to Identify Them | WOT<\/title>\n<meta name=\"description\" content=\"Learn to identify and counter common e-commerce vulnerabilities like SQL injection, cross-site scripting, and price manipulation to secure online transactions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Common Vulnerabilities in E-Commerce &amp; How to Identify Them | WOT\" \/>\n<meta property=\"og:description\" content=\"Learn to identify and counter common e-commerce vulnerabilities like SQL injection, cross-site scripting, and price manipulation to secure online transactions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\" \/>\n<meta property=\"og:site_name\" content=\"WOT\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/weboftrust\" \/>\n<meta property=\"article:published_time\" content=\"2017-08-08T14:43:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-07T09:37:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2017\/08\/Blog-Thumbnail-6.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta 
property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Alex at WOT\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Web_of_Trust\" \/>\n<meta name=\"twitter:site\" content=\"@Web_of_Trust\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alex at WOT\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\"},\"author\":{\"name\":\"Alex at WOT\",\"@id\":\"https:\/\/www.mywot.com\/blog\/#\/schema\/person\/ae7ad33d93b334cdbf7f10ac604f37c9\"},\"headline\":\"Common Vulnerabilities in E-Commerce Systems and How to Identify Them\",\"datePublished\":\"2017-08-08T14:43:20+00:00\",\"dateModified\":\"2025-01-07T09:37:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\"},\"wordCount\":938,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/#organization\"},\"articleSection\":[\"Online Privacy Protection\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\",\"url\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\",\"name\":\"Common Vulnerabilities in E-Commerce & How to Identify Them | 
WOT\",\"isPartOf\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/#website\"},\"datePublished\":\"2017-08-08T14:43:20+00:00\",\"dateModified\":\"2025-01-07T09:37:18+00:00\",\"description\":\"Learn to identify and counter common e-commerce vulnerabilities like SQL injection, cross-site scripting, and price manipulation to secure online transactions.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.mywot.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Common Vulnerabilities in E-Commerce Systems and How to Identify Them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mywot.com\/blog\/#website\",\"url\":\"https:\/\/www.mywot.com\/blog\/\",\"name\":\"WOT\",\"description\":\"Safe Web Search &amp; Browsing\",\"publisher\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/#organization\"},\"alternateName\":\"WOT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mywot.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mywot.com\/blog\/#organization\",\"name\":\"Web of 
Trust\",\"alternateName\":\"WOT\",\"url\":\"https:\/\/www.mywot.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mywot.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2019\/02\/logo-big.png\",\"contentUrl\":\"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2019\/02\/logo-big.png\",\"width\":395,\"height\":150,\"caption\":\"Web of Trust\"},\"image\":{\"@id\":\"https:\/\/www.mywot.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/weboftrust\",\"https:\/\/twitter.com\/Web_of_Trust\",\"https:\/\/www.linkedin.com\/company\/wot-services-ltd.\",\"https:\/\/www.youtube.com\/user\/MyWOT\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mywot.com\/blog\/#\/schema\/person\/ae7ad33d93b334cdbf7f10ac604f37c9\",\"name\":\"Alex at WOT\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mywot.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6d775e2b963afb3e50c3cc8ae1745b6e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6d775e2b963afb3e50c3cc8ae1745b6e?s=96&d=mm&r=g\",\"caption\":\"Alex at WOT\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Common Vulnerabilities in E-Commerce & How to Identify Them | WOT","description":"Learn to identify and counter common e-commerce vulnerabilities like SQL injection, cross-site scripting, and price manipulation to secure online transactions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities","og_locale":"en_US","og_type":"article","og_title":"Common Vulnerabilities in E-Commerce & How to Identify Them | WOT","og_description":"Learn to identify and counter common e-commerce vulnerabilities like SQL injection, cross-site scripting, and price manipulation to secure online transactions.","og_url":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities","og_site_name":"WOT","article_publisher":"https:\/\/www.facebook.com\/weboftrust","article_published_time":"2017-08-08T14:43:20+00:00","article_modified_time":"2025-01-07T09:37:18+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2017\/08\/Blog-Thumbnail-6.png","type":"image\/png"}],"author":"Alex at WOT","twitter_card":"summary_large_image","twitter_creator":"@Web_of_Trust","twitter_site":"@Web_of_Trust","twitter_misc":{"Written by":"Alex at WOT","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#article","isPartOf":{"@id":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities"},"author":{"name":"Alex at WOT","@id":"https:\/\/www.mywot.com\/blog\/#\/schema\/person\/ae7ad33d93b334cdbf7f10ac604f37c9"},"headline":"Common Vulnerabilities in E-Commerce Systems and How to Identify Them","datePublished":"2017-08-08T14:43:20+00:00","dateModified":"2025-01-07T09:37:18+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities"},"wordCount":938,"commentCount":0,"publisher":{"@id":"https:\/\/www.mywot.com\/blog\/#organization"},"articleSection":["Online Privacy Protection"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities","url":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities","name":"Common Vulnerabilities in E-Commerce & How to Identify Them | WOT","isPartOf":{"@id":"https:\/\/www.mywot.com\/blog\/#website"},"datePublished":"2017-08-08T14:43:20+00:00","dateModified":"2025-01-07T09:37:18+00:00","description":"Learn to identify and counter common e-commerce vulnerabilities like SQL injection, cross-site scripting, and price manipulation to secure online transactions.","breadcrumb":{"@id":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mywot.com\/blog\/ecommerce-vulnerabilities#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.mywot.com\/blog"},{"@type":"ListItem","position":2,"name":"Common Vulnerabilities in E-Commerce 
Systems and How to Identify Them"}]},{"@type":"WebSite","@id":"https:\/\/www.mywot.com\/blog\/#website","url":"https:\/\/www.mywot.com\/blog\/","name":"WOT","description":"Safe Web Search &amp; Browsing","publisher":{"@id":"https:\/\/www.mywot.com\/blog\/#organization"},"alternateName":"WOT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mywot.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mywot.com\/blog\/#organization","name":"Web of Trust","alternateName":"WOT","url":"https:\/\/www.mywot.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mywot.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2019\/02\/logo-big.png","contentUrl":"https:\/\/www.mywot.com\/blog\/wp-content\/uploads\/2019\/02\/logo-big.png","width":395,"height":150,"caption":"Web of Trust"},"image":{"@id":"https:\/\/www.mywot.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/weboftrust","https:\/\/twitter.com\/Web_of_Trust","https:\/\/www.linkedin.com\/company\/wot-services-ltd.","https:\/\/www.youtube.com\/user\/MyWOT"]},{"@type":"Person","@id":"https:\/\/www.mywot.com\/blog\/#\/schema\/person\/ae7ad33d93b334cdbf7f10ac604f37c9","name":"Alex at WOT","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mywot.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6d775e2b963afb3e50c3cc8ae1745b6e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6d775e2b963afb3e50c3cc8ae1745b6e?s=96&d=mm&r=g","caption":"Alex at 
WOT"}}]}},"_links":{"self":[{"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/posts\/65583"}],"collection":[{"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/comments?post=65583"}],"version-history":[{"count":7,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/posts\/65583\/revisions"}],"predecessor-version":[{"id":68100,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/posts\/65583\/revisions\/68100"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/media\/65586"}],"wp:attachment":[{"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/media?parent=65583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/categories?post=65583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mywot.com\/blog\/wp-json\/wp\/v2\/tags?post=65583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}