WEB SECURITY Flipkart
Submitted to Madam Vardia Tariq, Date 1/23/2017
Khaleeq Ahmed
13-Arid-2582
Hammad Siddique
13-Arid-3070
Malik Shehjarrar
13-Arid-2588
Muhammad Farhan
13-Arid-2600
Haseeb Rabbani
13-Arid-2564
1 What is E-Commerce?

Electronic commerce can be viewed from four perspectives:

Communication perspective - electronic commerce is the delivery of information, products/services, or payments via telephone lines, computer networks or any other digital means.
Business perspective - the application of technology toward the automation of business transactions or workflows.
Service perspective - a tool that addresses the desire of firms, consumers and management to cut service cost, improve the quality of goods and increase the speed of service delivery.
Online perspective - the capability of buying and selling products and information on the internet and other online services.

2 Major Concerns
3 Basic E-Commerce Security Issues

Authentication, authorization, EC security strategy (deterring measures, prevention measures, detection measures) and information assurance (IA).

Authentication: the process to verify (assure) the real identity of an individual, computer, computer program, or EC website.
Authorization: the process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform.
Auditing: an audit also includes a series of tests that guarantee that information security meets all expectations and requirements within an organization. During this process, employees are interviewed regarding security roles and other relevant details.
Availability: see the information assurance model in section 6.
Nonrepudiation: assurance that online customers or trading partners cannot falsely deny (repudiate) their purchase or transaction.

4 Technical Attack Methods

Viruses, worms and Trojan horses:
Virus: a piece of software code that inserts itself into a host, including the operating system, in order to propagate; it requires that its host program be run to activate it.
Worm: a software program that runs independently, consuming the resources of its host in order to maintain itself, and that is capable of propagating a complete working version of itself onto another machine.
Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk.
5 Technical Attack Methods (continued)

Denial-of-service (DoS) attack: an attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources.
Page hijacking: creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler; once there, an unsuspecting user is redirected to malicious websites.
Botnet: a huge number (e.g., hundreds of thousands) of hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
Malvertising: the use of online advertising to spread malware.
6 The Information Assurance Model and Defense Strategy

Three security concepts are important to information on the Internet: confidentiality, integrity, and availability.

Confidentiality: assurance of data privacy and accuracy; keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes.
Integrity: assurance that stored data has not been modified without authorization; a message that was sent is the same message as that which was received.
Availability: assurance that access to data, the website, or other EC data service is timely, available, reliable, and restricted to authorized users.
Penetration test (pen test): a method of evaluating the security of a computer system or a network by simulating an attack from a malicious source (e.g., a cracker).
7 EC security programs

EC security programs: all the policies, procedures, documents, standards, hardware, software, training, and personnel that work together to protect information, the ability to conduct business, and other assets.

Encryption
Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it.
Plaintext: an unencrypted message in human-readable form.
Ciphertext: a plaintext message after it has been encrypted into a machine-readable form.
Symmetric (private) key encryption: an encryption system that uses the same key to encrypt and decrypt the message.
8 The Defense strategy

Digital signature or digital certificate: validates the sender and time stamp of a transaction so it cannot be later claimed that the transaction was unauthorized or invalid.
Digital envelope: the combination of the encrypted original message and the digital signature, using the recipient's public key.
Certificate authorities (CAs): third parties that issue digital certificates.
Secure Sockets Layer (SSL): a standard security technology for establishing an encrypted link between a server and a client, typically a web server (website) and a browser, or a mail server and a mail client.

Types of electronic payments
• Payment Cards
• Electronic Cash Systems
• Electronic wallets
• Electronic Check (E-check)/Electronic cheque
• Micro Payment System
9 Now, in the case of Flipkart
9.1 Introduction

Flipkart went live in 2007 with the objective of making books easily available to anyone who had internet access. They are present across various categories including movies, music, games, mobiles, cameras, computers, healthcare and personal products, home appliances and electronics, and still counting! With over 11.5 million book titles, 11 different categories, more than 2 million registered users and sales of 30000 items a day, they are one of the leading e-commerce players in the country. According to Morgan Stanley, the current market value of Flipkart is $5.54 billion as of November 2016.

9.1.2 Defense Strategy of Flipkart

Encryption: Flipkart uses 256-bit encryption technology to protect your card information while securely transmitting it to the secure and trusted payment gateways managed by leading banks.

Report by Google
Secure Connection: the connection to this site is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
Secure Resources: all resources on this page are served securely. This page is secure (valid HTTPS).
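A way to apply the three checks in that browser report to any TLS connection, as an added Python example (not from the original report or from Flipkart); the sample report values are constructed to match the text, and the strong/weak criteria (TLS 1.2 or newer, ephemeral key exchange, AEAD cipher) are the editor's assumptions about what the browser treats as strong:

```python
import re
# Constructed sample, in the shape of the browser connection report quoted above.
SAMPLE_REPORT = {"protocol": "TLS 1.2",
                 "key_exchange": "ECDHE_RSA with P-256",
                 "cipher": "AES_128_GCM"}

MODERN_PROTOCOLS = {"TLS 1.2", "TLS 1.3"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")            # authenticated encryption modes
LEGACY_MARKERS = ("RC4", "3DES", "DES", "NULL", "EXPORT")

def split_suite(name):
    """Split an IANA or OpenSSL cipher-suite name into (key exchange, cipher):
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' -> ('ECDHE_RSA', 'AES_128_GCM_SHA256')
    'ECDHE-RSA-AES128-GCM-SHA256'           -> ('ECDHE_RSA', 'AES128_GCM_SHA256')
    'TLS_AES_128_GCM_SHA256' (TLS 1.3)      -> ('ECDHE', 'AES_128_GCM_SHA256')"""
    s = re.sub(r"^TLS_", "", name.upper().replace("-", "_"))
    if "_WITH_" in s:
        kx, cipher = s.split("_WITH_", 1)
        return kx, cipher
    m = re.match(r"^((?:ECDHE|DHE|ECDH|DH)_(?:RSA|ECDSA|PSK)|RSA|PSK)_(.+)$", s)
    if m:
        return m.group(1), m.group(2)
    # TLS 1.3 suite names omit the key exchange because it is always ephemeral.
    return "ECDHE", s

def assess(protocol, key_exchange, cipher):
    """One True/False finding per component, plus an overall verdict that
    requires all three to pass (the same three checks the report lists)."""
    kx = key_exchange.upper().replace("-", "_")
    c = cipher.upper().replace("-", "_")
    findings = {
        "protocol": protocol in MODERN_PROTOCOLS,
        # Only ephemeral (EC)DHE gives forward secrecy; static RSA does not.
        "key_exchange": kx.startswith(("ECDHE", "DHE")),
        # The cipher must be an AEAD mode and must not be a legacy algorithm.
        "cipher": any(m in c for m in AEAD_MARKERS)
                  and not any(m in c for m in LEGACY_MARKERS),
    }
    findings["secure"] = all(findings.values())
    return findings

def assess_suite(protocol, suite_name):
    """Same assessment for a raw suite name as logged by a server or scanner."""
    kx, cipher = split_suite(suite_name)
    return assess(protocol, kx, cipher)

if __name__ == "__main__":
    for component, ok in assess(**SAMPLE_REPORT).items():
        print(component, "OK" if ok else "WEAK")
```

The vendor's "256-bit encryption" figure and the AES_128_GCM cipher in the browser report describe different things; the assessment keys on forward secrecy and an AEAD cipher rather than on key length alone.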
9.1.3 3D Secure password
The 3D Secure password is implemented by VISA and MasterCard in partnership with card issuing banks under the "Verified by VISA" and "Mastercard SecureCode" services, respectively. The 3D Secure password adds an additional layer of security through identity verification for your online credit/debit card transactions. This password, which is created by you, is known only to you. This ensures that only you can use your card for online purchases.
9.1.4 Digital signature or digital certificate of Flipkart

Certificate authorities (CAs): Flipkart is certified by GoDaddy Class 2 Certification Authority Root Certificate - G2.
Secure Sockets Layer (SSL): SSL stands for Secure Sockets Layer. SSL certificates validate your website's identity, and encrypt the information visitors send to, or receive from, your site. They support up to 256-bit encryption and they're recognized by all of the major desktop and mobile browsers on the market.
9.1.5 Payment methods

Flipkart accepts the following payment methods:
• Cash on Delivery
• Credit/debit card (Visa, MasterCard, Maestro, American Express)
• Internet Banking
• Gift Card
• Flipkart Wallet
• Flipkart's credit card EMI option

Cash on Delivery
All items that have the "Cash on Delivery Available" icon are valid for order by Cash on Delivery. Add the item(s) to your cart and proceed to checkout. When prompted to choose a payment option, select "Pay By Cash on Delivery". Enter the CAPTCHA text as shown, for validation. Once verified and confirmed, your order will be processed for shipment in the time specified, from the date of confirmation. You will be required to make a cash-only payment to our courier partner at the time of delivery of your order to complete the payment.
Terms & Conditions:
• The maximum order value for C-o-D is ₹50,000
• Gift Cards or Store Credit cannot be used for C-o-D orders
• Cash-only payment at the time of delivery
Credit/debit card
Credit cards: We accept payments made using Visa, MasterCard and American Express credit cards. To pay using your credit card at checkout, you will need your card number, expiry date and three-digit CVV number (found on the back of your card). After entering these details, you will be redirected to the bank's page for entering the online 3D Secure password.
Debit cards: We accept payments made using Visa, MasterCard and Maestro debit cards. To pay using your debit card at checkout, you will need your card number, expiry date (optional for Maestro cards) and three-digit CVV number (optional for Maestro cards). You will then be redirected to your bank's secure page for entering your online password (issued by your bank) to complete the payment. Internationally issued credit/debit cards cannot be used for Flyte, Wallet and eGV payments/top-ups.
Your online transaction on Flipkart is secure with the highest levels of transaction security currently available on the Internet. Flipkart uses 256-bit encryption technology to protect your card information while securely transmitting it to the respective banks for payment processing. All credit card and debit card payments on Flipkart are processed through secure and trusted payment gateways managed by leading banks. Banks now use the 3D Secure password service for online transactions, providing an additional layer of security through identity verification.
9.1.6 Payment through credit card EMI option

With Flipkart's credit card EMI option, you can choose to pay in easy installments of 3, 6, 9, 12, 18*, or 24 months* with credit cards from the following banks: HDFC, Citi, ICICI, Kotak, Axis, IndusInd, SBI, HSBC.

How do I make a payment using Flipkart's credit card EMI option?
Once you've added the desired items to your Flipkart shopping cart, proceed with your order as usual by entering your address. When you're prompted to choose a payment mode for your order, select 'EMI' and follow these simple steps:
1. Choose the credit-card issuing bank you wish to pay from
2. Select the EMI plan of your preference
3. Enter your credit card details
4. Click 'Save and Pay'