The role of runtime protection in e-commerce security



What is e-commerce security?

Electronic commerce security is the set of guidelines designed to enable secure transactions on the web. These guidelines include steps and protocols that help protect the sale and purchase of goods and services online. Appropriate security measures for e-commerce build consumer confidence by protecting the personally identifiable information (PII) that is typically shared during transactions. Shoppers who trust a retailer with their data are more likely to buy from it again, which in turn drives long-term sales.

Ecommerce fraud is up 18%

According to Juniper Research, e-commerce fraud has increased by 18% in the past year, pushing the value of losses from $17.5 billion in 2020 to over $20 billion in 2021. Naturally, this increase has led online retailers of all sizes and industries to assess their risks and vulnerabilities. Unfortunately, most organizations don't have the time to identify, develop, and implement fixes before the online shopping season begins.

What are the top e-commerce threats and how does Runtime Protection help you?

According to research, much of this fraud can be attributed to the following types of cyber attacks. To make sure your organization is safe, each threat is described below together with the Runtime Protection (RASP) policy settings to check so that your applications stay protected:

Third-party software and supply chain

Recent studies show that nearly 70% of modern web applications are made up of libraries, plug-ins, or third-party software, creating a code supply chain that organizations increasingly rely on. Attackers have noticed this growing use of third-party code and have designed malware that inserts itself into this supply chain, so that it is then distributed automatically by a "trusted" source. Infected third-party code can include spyware, viruses, Trojans, or ransomware, and once inside the application it can easily reach confidential data sources and cause further damage.

Third-party software and supply chain solution

  • Configure RASP to "Track application dependencies". This setting monitors and reports any third-party software being loaded into memory by the application. Confirm the scan intervals for the initial and subsequent scans.
  • Enable and tune the RASP network activity module as needed. This module protects against unauthorized network activity, with additional settings to limit network protections to activity originating from an HTTP request, and an allow list of trusted hosts, IPs, or TCP endpoints.

SQL injection (SQLi)

Attackers are constantly on the lookout for certain vulnerabilities such as SQL injection (SQLi). E-commerce stores are susceptible to SQLi because of the filtering and search features that are often offered to consumers to help them find the right products. When a product name is entered in the search box, pressing the Enter key typically sends the search terms to the database, and the matching results are displayed on the web page. Instead of sending a product name, however, attackers repeatedly submit input that the database interprets as part of the query itself, allowing them to discover data tables, consumer information, and more, which can cause a devastating data leak.

SQLi solution

  • Activate the RASP SQLi module. Even the most sophisticated SQLi can be blocked, including queries arriving through other APIs, partner applications, RSS feeds, or synthesized queries.
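The product-search flow described above, shown as an added example (not code from the original post or from Imperva): a search term spliced into the SQL text beside the parameterised form of the same query, run against a constructed in-memory SQLite catalogue.

```python
import sqlite3


def make_catalog() -> sqlite3.Connection:
    # Constructed in-memory catalogue standing in for the store database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products (name, price) VALUES (?, ?)",
        [("red scarf", 19.99), ("blue scarf", 21.50), ("wool hat", 15.00)],
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> list[str]:
    # The search term is spliced into the SQL text, so a quote in the term
    # changes the structure of the query instead of being treated as data.
    sql = f"SELECT name FROM products WHERE name LIKE '%{term}%' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list[str]:
    # Parameterised query: the driver binds the term as a value, so the query
    # structure stays fixed no matter what the shopper types.
    sql = "SELECT name FROM products WHERE name LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = make_catalog()
    print(search_vulnerable(db, "scarf"), search_safe(db, "scarf"))
    injected = "' OR '1'='1"          # term that rewrites the WHERE clause
    print(search_vulnerable(db, injected))  # whole catalogue comes back
    print(search_safe(db, injected))        # nothing matches that literal text
```

The same comparison is what a RASP SQLi module checks at runtime: whether the query the database receives still has the structure the application intended.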

Cross-site scripting (XSS)

Like SQLi, attackers constantly probe web applications for cross-site scripting (XSS) vulnerabilities and have a plethora of strategies and methods that can severely affect e-commerce websites. XSS (also known as content injection) is similar to SQLi, but instead of attacking the back end for confidential data, XSS targets the front end of websites, changing the way consumers interact with the site. For example, XSS can take over product links, sending consumers to an unauthorized website to continue shopping, and then steal their information. XSS can lead to loss of revenue and loss of consumer confidence and security.

XSS Solution

  • Activate the RASP Content Injection (XSS) module. This module can efficiently parse all incoming content for injections, including HTML, XML, JSON, and JavaScript, whether fragmented, a full document, plain text, or mixed content.
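The product-link takeover described above, as an added example (not from the original post or from Imperva): a results page that drops shopper input and product hrefs straight into HTML, beside a version that escapes the input and only emits links that stay on the store. `STORE_HOST` is an assumed hostname.

```python
import html
from urllib.parse import urlsplit

STORE_HOST = "shop.example"  # assumed store hostname for this example


def render_results_unsafe(term: str, products: list[tuple[str, str]]) -> str:
    # Shopper input and product data dropped straight into the HTML: a script
    # tag in the term, or an off-site href, is rendered and acted on by the browser.
    items = "".join(f'<li><a href="{href}">{name}</a></li>' for name, href in products)
    return f"<p>Results for: {term}</p><ul>{items}</ul>"


def safe_product_href(href: str) -> str:
    # Only same-site links survive: relative paths or https URLs on STORE_HOST.
    # javascript: URLs, other hosts and protocol-relative //host links fall back to "/".
    parts = urlsplit(href)
    same_site = parts.scheme in ("", "https") and parts.netloc in ("", STORE_HOST)
    return href if same_site and parts.path.startswith("/") else "/"


def render_results(term: str, products: list[tuple[str, str]]) -> str:
    # html.escape converts <, >, &, " and ' to entities so they display as text,
    # and every href passes the same-site check before it reaches the page.
    items = "".join(
        f'<li><a href="{html.escape(safe_product_href(href), quote=True)}">'
        f"{html.escape(name)}</a></li>"
        for name, href in products
    )
    return f"<p>Results for: {html.escape(term, quote=True)}</p><ul>{items}</ul>"


if __name__ == "__main__":
    catalog = [("red scarf", "/products/1"), ("blue scarf", "https://evil.example/buy")]
    print(render_results_unsafe("<script>alert(1)</script>", catalog))  # script and off-site link survive
    print(render_results("<script>alert(1)</script>", catalog))         # both neutralised
```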

In addition to these protections, RASP offers a host of features and security modules to protect corporate applications and confidential data from unauthorized access. RASP guards against command injection and path traversal attacks, which were the primary vectors of the massive SolarWinds cyberattack. RASP also offers security modules that protect sites against vulnerabilities such as cross-site request forgery (CSRF), weak hashing and cryptographic algorithms, unauthorized network activity, and more.

Recently, we released our 2021 report, The State of Security in Ecommerce, where you will get valuable insight into the nature and impact of attacks targeting your organization.

Need help setting up protections? Current customers can contact us for assistance in ensuring that these protections are properly implemented and that customers are safe during the holiday season. Request a demo to see how RASP can quickly and effectively protect even legacy applications and mitigate vulnerabilities. Or contact an Imperva representative today.

The article The Role of Runtime Protection in Ecommerce Security first appeared on Blog.

*** This is a syndicated Security Bloggers Network Blog blog written by Elizabeth Rossi. Read the original post at: https://www.imperva.com/blog/the-role-of-runtime-protection-in-ecommerce-security/
