Don't Overlook eCommerce Web Security This Holiday Season

What security threats to watch for as the year wraps up for eCommerce sites.

By Alex Pinto · Nov. 29, 15 · Opinion

Breaking News - Massive data breach! Exclusive - Looming cyber-threat detected.

The headlines have become routine. Web security (or cyber security) is part of the everyday fabric of our increasingly digital lives. There is an inherent risk in everything we do online, especially when it comes to commercial transactions. For retailers seeking big online gains this season, security concerns have the potential to be the proverbial turd in the holiday punch bowl.

Recent data shows that one-third of online shoppers hesitate to buy due to concerns about credit card data security. Additionally, 60% of consumers report security concerns when shopping online. Retailers can either fret about these facts, or instead, find the silver lining. eCommerce revenue will continue its steady rise; the onus is on retailers to provide a secure shopping experience and settle jittery consumer fears that kill conversions.

Web Security For the Holidays

The holidays are peak season for attackers to target retail. Increased traffic levels make malicious activity harder to spot, and retailers are preoccupied with preparing Black Friday sales or putting the final touches on holiday email campaigns. To make sure you deliver a safe and secure online shopping experience this holiday season, it is imperative to prioritize security measures before the rush begins.

Five Web Security 'Must-Haves' for Retailers

  1. PCI DSS Compliance: PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements for companies that process, store or transmit credit card information to do so safely and securely. Make sure you are PCI compliant, and add a visible badge to your eCommerce application. This will signal to consumers that payment information is properly encrypted and safeguarded.
  2. HTTPS / Secure Browsing: Ever noticed a small, green "Secure" tab in a browser's URL bar? That indicator means the site presents a digital certificate, issued by a third-party Certificate Authority, which lets the browser verify the site's identity and encrypt HTTP traffic, keeping the contents of requests and responses confidential for visitors. Digital certificates are another easy signal to ever-wary shoppers that they are on a secure site that can be trusted.
  3. DDoS Mitigation: A Distributed Denial of Service (DDoS) attack presents a real threat for retail sites. DDoS events are designed to flood a website with traffic and repeated requests. They can happen at any time and are sometimes preceded by an extortion message demanding payment. Unless the requests are diverted or blocked, a DDoS attack will slow down or completely crash a web application, making it impossible for real users to reach it. Even one hour of downtime will cost a retailer significantly in lost revenue. Retailers need to be prepared at all times and invest in a monitoring and DDoS mitigation solution.
  4. Web Application Firewall: A web application firewall (WAF) is a security technology that inspects and filters traffic. A WAF can block or divert requests based on configured rules, which makes it a key tool for DDoS mitigation: bad traffic can be blocked or rerouted before it reaches the application. Web application firewalls differ from traditional firewalls in that a cloud-based WAF also covers the flow of requests and responses to third-party services integrated into a web application, such as a social media widget. Such integrations are often exploited by attackers as a weak point of entry for breaching an application.
  5. Education: Some of the largest security breaches have originated from relatively crude methods, like email phishing. The marketing team at ADT takes this to an extreme by sending fake phishing emails to employees; anyone who clicks has to study up with a course on web security. Developing company-wide security policies is an essential step in safeguarding against attacks.

Originally written by Brendan MacArthur.


Published at DZone with permission of Alex Pinto, DZone MVB.
