An Integrated Vulnerability Assessment of Electronic Commerce Websites

Issah Baako, Sayibu Umar
International Journal of Information Engineering and Electronic Business (journal article), published 2020-10-08. DOI: 10.5815/ijieeb.2020.05.03 (https://doi.org/10.5815/ijieeb.2020.05.03)
Citations: 7

Abstract

This paper examines the security issues on electronic commerce websites in Ghana using technical and nontechnical procedures. The study assessed e-commerce websites for the security tools employed to protect user data and for other related privacy issues on the websites. It also analyzed e-commerce websites for encryption security tools that protect customer data and, using w3af, tested them for security vulnerabilities that could threaten the security of the sites and their users. The study used a combination of three methods: web content analysis, information security audit, and testing of the websites using w3af, a vulnerability assessment tool. The Web Application Attack and Audit Framework (w3af) was used to test for and identify possible vulnerabilities on the e-commerce websites that malicious users could use to steal customer data for fraudulent purposes. The research aimed to reveal the security vulnerabilities present on e-commerce websites that could affect clients' trust, clients' satisfaction, and customers' patronage of e-commerce services. The study found credit card number disclosures, full path disclosure vulnerabilities, cross-site request forgery vulnerabilities and exposures of clients' social security numbers on the e-commerce websites. These security weaknesses are highlighted as findings of the study that would inform policy direction on electronic data collection, protection and use in the e-commerce industry in Ghana. The findings will also inform industry players in the e-commerce sector of the need to strengthen security on their websites and caution customers to be security conscious on all e-commerce websites. The major significance of the study is that the majority of the electronic commerce websites have many vulnerabilities, making them insecure for customers to entrust their private data to.
This study therefore informs customers and the electronic commerce industry of these security weaknesses and the urgent need to get them fixed. Some solutions have been suggested in the paper to assist in fixing these security vulnerabilities. These solutions have provided the best results. A diligent application of these methods in addressing the vulnerabilities would provide more secure and less vulnerable e-commerce websites for users. The precautions suggested could help protect customers and reduce cyber threats during online shopping.

Keywords: E-commerce security, cyber security, cyber-insurance, E-Learning technologies.