UNT | University of North Texas


CSCE 4560/5560: Secure Electronic Commerce

Course Number: 
CSCE 4560/5560
Course Name: 
Secure Electronic Commerce
Description: 

Undergraduate: Electronic commerce technology, models and issues, with emphasis on security issues. Supporting technology such as cryptography, digital signatures, certificates and public key infrastructure (PKI). Security-conscious programming for web-based applications. Exposure to interaction between technical issues and business, legal and ethical issues.

Graduate: Electronic commerce technology, models, and issues, with emphasis on security issues. Supporting technology such as cryptography, digital signatures, certificates, and public key infrastructure (PKI). Security-conscious programming for web-based applications. Exposure to interaction between technical issues and business, legal, and ethical issues. Includes a research project. 

Start Date: 
Monday, May 3, 2004
Last Review Date: 
Thursday, April 2, 2015
Credit Hours (Including Labs): 
3.00
UNT Topics: 
  1. Introduction
    1. Successful E-Commerce Applications
    2. E-Commerce Technical Issues
    3. Traditional Commerce
    4. What is E-Commerce?
    5. E-Commerce History
    6. E-Commerce Advantages and Disadvantages
    7. E-Commerce Challenges and Strategies
    8. E-Commerce Types
  2. Technology Infrastructure
    1. The Internet
      1. Evolution of the Internet
      2. Internet Technology Concepts
        1. TCP/IP and the OSI Model
        2. IP Addresses
        3. Routing Internet Messages
        4. Domain Names, DNS, and URLs
        5. Limitations of Current Internet
    2. Client-Server Computing
    3. Mobile Platform
    4. Cloud Computing
    5. World Wide Web (WWW)
    6. E-Commerce
      1. Key Drivers of E-Commerce
      2. Limitations of E-Commerce
      3. Components
        1. Electronic Exchange Model
        2. Infrastructure Components
          1. Web Servers
            1. Hardware and Scalability
            2. Software
            3. Performance and Evaluation
      4. Stages of E-Commerce
        1. First Generation E-Commerce Technologies
        2. Second Generation E-Commerce Technologies
        3. Third Generation E-Commerce Technologies
        4. Fourth Generation E-Commerce Technologies
      5. Tiered Architectures
  3. Threats and Vulnerabilities
    1. Security Basics and Terminology
    2. Vulnerabilities
      1. Vulnerabilities in Systems
        1. OWASP (Open Web Application Security Project)
        2. National Vulnerability Database
        3. SANS (SysAdmin, Audit, Network, Security) Software Errors
        4. Other Vulnerabilities
      2. Threats
      3. Current Environment
    3. Vulnerability Analysis
      1. Detecting Vulnerabilities
        1. System Verification
        2. Penetration Testing
      2. Vulnerability Classification
    4. String Vulnerabilities
      1. Unbounded String Copies
      2. Null-Termination Errors
      3. Truncation
      4. Write Outside Array Bounds
      5. Off-By-One Errors
      6. Improper Data Sanitization
    5. Buffer Overflow
      1. Smashing the Stack
      2. Countermeasures
    6. Security of Web Applications
      1. Web Servers
        1. HTTP
          1. Managing State Information
            1. Hidden Form Fields
            2. Query Strings
            3. Cookies
            4. Sessions
      2. Web Application Vulnerabilities
      3. Other Vulnerabilities
        1. Misconfiguration
        2. Client-Side Controls
        3. Direct Object Reference
        4. Authentication Errors
      4. Web Attack Models
      5. Web Browsers
        1. Execution Model
        2. JavaScript Security Model
        3. Document Object Model (DOM)
        4. Frame and iFrame
      6. Remote Scripting
      7. Port Scanning
      8. Cross-Site Scripting
        1. Countermeasures
    7. Dynamic Web Applications
      1. PHP: Hypertext Preprocessor
      2. SQL
      3. SQL Injection Attack
        1. Countermeasures
      4. Cross-Site Request Forgery
        1. Countermeasures
      5. Other Identity Misbinding Attacks
  4. Secure Coding
    1. E-Commerce Security Environment
      1. Security Issues
    2. Risk Management Model
    3. Types of Threats and Attacks
      1. Client Attacks
      2. Communication Channel Threats
      3. Network Attacks
      4. Malware
      5. Server Threats
      6. IP Spoofing
      7. Database Threats
      8. Other Threats
    4. Design Principles for Security
    5. Secure Coding Principles
      1. Secure Programming and Payment Card Industry (PCI)
      2. Development Methodology
      3. Coding Standards
      4. Source Control
      5. Approaching Secure Coding
        1. Attackers
        2. Tenets
        3. Architectures
        4. Security Principles
      6. Threat Risk Modeling
        1. STRIDE (Spoofing Identity, Tampering with data, Repudiation, Information disclosure, Denial of service, Elevation of privilege)
        2. DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability)
        3. Quantify Risk Financially
      7. OWASP Areas for Development Methodology
    6. Risk Mitigation
      1. Risk Mitigation Options
      2. Risk Mitigation Process
    7. Security Technologies
      1. Encryption
      2. Verifying Data Integrity
      3. Digital Signatures
      4. Secure Communication
        1. IPSec
        2. SSL/TLS
        3. Firewalls
    8. Secure Development Process
      1. Threats Analysis
        1. Cost of Insecure Code
      2. Secure Coding
        1. Secure by Design
        2. General Principles
        3. Least Privilege
        4. Compartmentalization
        5. Trust Relationships
        6. Reduce Attack Surface
        7. Complete Mediation
        8. Defense in Depth
        9. No Security by Obscurity
        10. Fail Intelligently
        11. Test Security
        12. Coding Rules
    9. Software Development
      1. Quality vs. Security
    10. Using Threat Models
  5. Payment Systems
    1. Electronic Payment Systems
    2. Electronic Payment Requirements
    3. Digital Money
      1. Types of Electronic Payments
        1. Electronic Cash
          1. Advantages and Disadvantages
          2. Blind Signature
          3. Double Spending
        2. Electronic Wallets
          1. Advantages and Disadvantages
        3. Smart Card
          1. Types of Smart Cards
          2. Smart Card Applications
        4. Credit/Charge/Debit Card
          1. Payment Acceptance and Processing
          2. Open and Closed Loop Systems
          3. SET Protocol
      2. Fraudulent Card Transactions
  6. Shopping Carts
    1. Basic Functions of Electronic Commerce Software
      1. Catalog Display
      2. Shopping Carts
        1. Controllable and Uncontrollable Factors
        2. Information Architecture
        3. Good Shopping Cart Design
      3. Transaction Processing
  7. Database
    1. Database Overview
      1. Database Management Systems
      2. Structured Query Language
      3. Database Views
      4. Database Administrator
    2. Database Role in Electronic Commerce
      1. Basic Business Rules
    3. Database Security
      1. Security Issues
      2. Protection Requirements
      3. Types of Security Controls
        1. Access Control
          1. Discretionary Access Control (DAC)
          2. Mandatory Access Control (MAC)
          3. Role-Based Access Control (RBAC)
        2. Inference Control
        3. Flow Control
        4. Encryption
          1. Encryption Options
  8. Design and Development
    1. Building an Electronic Commerce Site
      1. Strategies for Developing Electronic Commerce Web Sites
        1. Profit vs. Non-Profit Organizations
      2. Web Site Development Life Cycle
        1. Systems Analysis and Planning
        2. Web Site Design
          1. Logical and Physical Design
          2. Criteria Navigation
          3. Usability and Accessibility
          4. Trust and Loyalty
          5. Personalization
        3. Building the Web Site
          1. Content Creation and Management
            1. In-House vs. Outsourcing Development
            2. In-House vs. Outsourcing Hosting
        4. Testing
        5. Implementation and Maintenance
  9. Marketing and Advertising
    1. Consumer Decision-Making Process
    2. Marketing Strategies
      1. Communication
      2. Market Segmentation
      3. Personalization
      4. Market Research
      5. Branding
      6. Advertising
      7. Search Engine Positioning
  10. Legal, Ethical, and Tax Issues
    1. Borders and Jurisdiction
    2. Contracts
    3. Consumer and Seller Protection
    4. Ethical Issues
    5. Taxation and Electronic Commerce
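The outline lists "SQL Injection Attack" and its "Countermeasures" under Dynamic Web Applications without showing the mechanism. The following is an added worked example, not course material or code from UNT: it builds a constructed in-memory customer table with Python's standard sqlite3 module (the course uses PHP and SQL, but the injection and the fix are the same in any driver) and contrasts a login query assembled by string concatenation with the parameterised form. The table name, column names and rows are made up for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample database standing in for a shop's customer table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers ("
        "id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT, is_admin INTEGER)"
    )
    db.executemany(
        "INSERT INTO customers (email, password_hash, is_admin) VALUES (?, ?, ?)",
        [("alice@example.com", "h1", 1), ("bob@example.com", "h2", 0)],
    )
    return db


def login_vulnerable(db, email, password_hash):
    """Vulnerable: user input is pasted into the SQL text, so quotes and
    comment markers typed by the user become part of the query's syntax."""
    sql = (
        "SELECT email, is_admin FROM customers WHERE email = '" + email
        + "' AND password_hash = '" + password_hash + "'"
    )
    return db.execute(sql).fetchall()


def login_safe(db, email, password_hash):
    """Countermeasure: a parameterised query. The statement text is fixed and
    the values travel separately, so a quote in the input is just data."""
    sql = "SELECT email, is_admin FROM customers WHERE email = ? AND password_hash = ?"
    return db.execute(sql, (email, password_hash)).fetchall()


# Two classic payloads: comment out the password check, or make WHERE always true.
COMMENT_OUT = "alice@example.com' --"
ALWAYS_TRUE = "' OR '1'='1"


def demo():
    """Returns how each implementation responds to the same attacker input."""
    db = make_db()
    return {
        # Vulnerable query: attacker logs in as alice without her password hash.
        "vuln_comment": login_vulnerable(db, COMMENT_OUT, "wrong"),
        # Vulnerable query: WHERE clause becomes a tautology, every row comes back.
        "vuln_tautology": login_vulnerable(db, ALWAYS_TRUE, ALWAYS_TRUE),
        # Safe query: the same strings are compared literally and match nobody.
        "safe_comment": login_safe(db, COMMENT_OUT, "wrong"),
        "safe_tautology": login_safe(db, ALWAYS_TRUE, ALWAYS_TRUE),
        # Safe query still works for a legitimate login.
        "safe_legit": login_safe(db, "alice@example.com", "h1"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The comment payload works because sqlite (like MySQL and PostgreSQL) treats `--` as the start of a line comment, so the rest of the vulnerable statement, including the password comparison, is discarded. The parameterised version needs no input filtering at all; escaping user input by hand is the fragile alternative and is not shown here.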
UNT Outcomes: 
  • Knowledge of and experience with secure web development, with exposure to at least three current technologies (such as XML, Perl, PHP, ASP, JSP, JavaScript, etc.).
  • Knowledge of how cryptography can be used to support confidentiality and integrity of electronic transmissions and transactions.
  • Knowledge of electronic transaction and payment systems.
  • Knowledge of Public Key Infrastructure (PKI) settings and trust models, with specific systems such as X.509 certificates and PGP’s decentralized web of trust.
  • Familiarity with basic network and system security, and the ability to set up a typical electronic commerce setting of networks and hosts.
  • Familiarity with business, legal, and ethical issues related to electronic commerce, and the interaction of these issues with technical issues.
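The topic list names "Blind Signature" and "Double Spending" under Electronic Cash, and the outcomes ask for an understanding of how cryptography supports the integrity of transactions. The block below is an added example written for this page, not code from the course: a textbook RSA blind signature (Chaum's scheme) in which the bank signs a coin serial number it never sees, followed by the bank-side spent-coin list that catches a double spend. The primes, exponent and serial number are constructed for readability; a real system would use 2048-bit moduli and a proper padding scheme.

```python
import secrets
from math import gcd

# Constructed textbook RSA key for the bank (assumed primes, far too small for real use).
P, Q = 104729, 104723
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # private exponent; requires Python 3.8+


def blind(serial, n=N, e=E):
    """Customer: multiply the serial by r^e so the bank signs a random-looking value."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:  # r must be invertible mod n to unblind later
            break
    return (serial * pow(r, e, n)) % n, r


def bank_sign(blinded, d=D, n=N):
    """Bank: signs whatever it is handed; it learns nothing about the serial."""
    return pow(blinded, d, n)


def unblind(blinded_sig, r, n=N):
    """Customer: divide out r, leaving an ordinary RSA signature on the serial."""
    return (blinded_sig * pow(r, -1, n)) % n


def verify(serial, sig, e=E, n=N):
    """Anyone: a valid coin satisfies sig^e == serial (mod n)."""
    return pow(sig, e, n) == serial % n


class Bank:
    """Online double-spending check: every accepted serial is remembered."""

    def __init__(self):
        self.spent = set()

    def deposit(self, serial, sig):
        if not verify(serial, sig):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


def mint_and_spend(serial):
    """Runs the full life of one coin and returns what each step produced."""
    blinded, r = blind(serial)
    sig = unblind(bank_sign(blinded), r)
    bank = Bank()
    return {
        "bank_saw_serial": blinded == serial,        # blinding hides the serial
        "valid": verify(serial, sig),                 # unblinded signature verifies
        "first_deposit": bank.deposit(serial, sig),
        "second_deposit": bank.deposit(serial, sig),  # same coin again
        "forged_deposit": bank.deposit(serial, (sig + 1) % N),
    }


if __name__ == "__main__":
    print(mint_and_spend(123456789))
```

Unblinding works because (serial * r^e)^d = serial^d * r^(ed) = serial^d * r (mod n), so multiplying by r^-1 leaves exactly the signature the bank would have produced on the serial directly, which is why the bank cannot later match a deposited coin to the withdrawal that created it. The spent-serial set is the whole of the double-spending defence in an online scheme; offline schemes replace it with the identity-revealing tricks the course lists under this topic.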
UNT Department: 
Computer Science and Engineering (CSE)
Course Level: 
Graduate
Undergraduate