THE SECURITY POLICY FOR WEB-APPLICATION OF E-COMMERCE ACCORDANCE WITH THE REQUIREMENTS PA-DSS
DOI:
https://doi.org/10.18372/2310-5461.9.5113
Keywords:
web-application, PA-DSS, the security policy, vulnerability, threat
Abstract
The requirements of the PA-DSS standard are analyzed. The main threats to e-commerce web applications are analyzed. A security policy is formed for a Java-related web application that performs credit card payment functions. The software to be used in implementing the secure web application is selected.