SANS InfoSec Reading Room - eCommerce

Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

Featuring 10 papers as of May 23, 2013
PDF Security of Mobile Banking and Payments
By: Vanessa Pegueros (posted on January 8, 2013)
There doesn't seem to be a week in which something related to mobile and/or mobile payments is not in the news.
PDF Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder data
By: nuBridges, inc (posted on September 29, 2009)
Exploring the use of tokenization as a best practice in improving PCI DSS compliance, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.
PDF A Trusted Smart Phone and Its Applications in Electronic Payment
By: Changying Zhou (posted on August 29, 2006)
This paper analyzes the building blocks of the trusted smart phone and proposes a framework to provide a trusted platform for mobile electronic payment.
PDF An Overview of Session Hijacking at the Network and Application Levels
By: Mark Lin (posted on May 5, 2005)
With the business of ecommerce booming, more and more sensitive information is being passed around on the web. Financial and identity information are constantly at risk of being stolen as more and more users take advantage of the ease of doing business online through web applications.
PDF "SET" to Pull Down the Insecurity Barrier in Front of E-commerce
By: Onur Arikan (posted on October 31, 2003)
This paper addresses the topic of Secure Electronic Transaction (SET).
PDF Inspection Grade Card for Conducting E-Commerce
By: Andrew McAllister (posted on October 31, 2003)
This paper provides instructions for inspecting and grading E-Commerce sites, offering descriptions and sample questions to prepare for the inspection.
PDF eCommerce and Defense in Depth
By: Clayton T. Dillard (posted on October 31, 2003)
This document gives an overview of some common methods that can be employed to build defense-in-depth into your eCommerce solution.
PDF Unique Characteristics of Ecommerce Technologies and their Effects upon Payment Systems
By: Stephen Burns (posted on October 31, 2003)
This paper discusses and highlights unique characteristics of the technologies of the ecommerce world compared with traditional payment systems and the way these characteristics may be exploited to compromise payment systems.
PDF Shopping for Security
By: Kimberly Lemieux (posted on October 31, 2003)
This paper serves as a tool to assist users in establishing and testing some baseline security measures as described in the EUser's Security Concerns.
PDF Information Security Issues in E-Commerce
By: David J. Olkowski (posted on March 26, 2001)
A discussion on some of the issues in the state of information security as it pertains to e-commerce.