Vulnerabilities in Online Food Ordering Website

  • Ji-Jian Chin
  • Yvonne Hwei-Syn Kam
  • Vik Tor Goh
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)

Abstract

In this paper, we show several vulnerabilities in the ordering mechanism of the website of one of Malaysia’s online food ordering service companies (which we will call “Company X”). In particular, we show that the system is open to several kinds of abuse: we demonstrate two proof-of-concept attacks that we carried out and discuss further potentially disruptive theoretical attacks. We also suggest several countermeasures to rectify the issues, which are applicable not only to Company X’s website but also to other similar online ordering systems.

Keywords

E-commerce, Vulnerabilities, Online portal, Attacks

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  • Ji-Jian Chin (1)
  • Yvonne Hwei-Syn Kam (1)
  • Vik Tor Goh (1)

  1. Faculty of Engineering, Multimedia University, Cyberjaya, Malaysia