Ecommerce Security Checklist: Order, Payment, Comment 2023

By XiaoXin

Ecommerce Security Checklist: Order, Payment, Comment

Purchase Payment/Recharge

- Order information traversal/disclosure (order IDs that can be enumerated)
- Leakage of order information leading to leakage of user information
- Unauthorized modification/deletion of other users' orders
- Product amount/quantity tampering
- Replacing the payment module
- Leakage of transaction information
- Forged recharge amount
- Recharge account/amount/quantity tampering
- Payment verification bypass
- Integer overflow (the maximum value of a 32-bit signed int is 2147483647)
- Tampering with key values in the data returned by local JS or by the server
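The amount/quantity tampering, integer overflow and "trusted client data" items above all come down to the same server-side rule: recompute everything from data the server owns. The following is an added example, not code from the original checklist; the catalog, the `MAX_QTY_PER_LINE` limit and the request shapes are constructed assumptions.

```python
from decimal import Decimal

INT32_MAX = 2147483647       # the limit named in the checklist
MAX_QTY_PER_LINE = 99        # assumed business rule, not from the page

# Constructed sample price list; on a real backend this is the product DB.
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("249.00")}


class OrderError(ValueError):
    """Raised when a request fails a server-side check."""


def vulnerable_total_cents(order):
    """'Before' form: trusts the price and quantity the client sent."""
    return sum(int(Decimal(str(i["price"])) * 100) * i["qty"] for i in order["items"])


def validate_order(order):
    """Recompute the total from server data; return it in cents as an int.

    Rejects unknown SKUs, non-integer or out-of-range quantities, totals that
    would not fit an int32 column, and a client 'total' that disagrees."""
    items = order.get("items") or []
    if not items:
        raise OrderError("empty order")
    total_cents = 0
    for item in items:
        sku = item.get("sku")
        if sku not in CATALOG:
            raise OrderError(f"unknown sku {sku!r}")
        qty = item.get("qty")
        # bool is an int subclass, so check the exact type, then the range
        if type(qty) is not int or not 1 <= qty <= MAX_QTY_PER_LINE:
            raise OrderError(f"bad quantity {qty!r} for {sku}")
        # The client's 'price' key is ignored; only the catalog sets the price.
        total_cents += int(CATALOG[sku] * 100) * qty
        # Python ints do not wrap, but the DB/gateway field may be int32.
        if total_cents > INT32_MAX:
            raise OrderError("order total exceeds int32 range")
    if "total_cents" in order and order["total_cents"] != total_cents:
        raise OrderError("client total does not match server total")
    return total_cents


def payment_confirmed(server_total_cents, gateway_notice):
    """Mark an order paid only from a gateway notification the server verified.

    gateway_notice is assumed to be the parsed, signature-checked callback;
    a 'paid' flag posted by the browser is never consulted."""
    return (gateway_notice.get("status") == "success"
            and gateway_notice.get("amount_cents") == server_total_cents)
```

The same comparison of the server-computed total against the gateway's confirmed amount is what closes the payment-verification-bypass item: a notification for the wrong amount is not a payment for this order.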

Comment

- Injection via POST parameters
- Missing session/token check leading to CSRF
- Stored XSS inserted through the comment body
- Traversing user IDs leading to user information leakage
- Malicious batch posting of comments (comment flooding)

