本篇論文將作者處理許多發生資訊安全實務案例中,根據解決使用者問題的處理方式,挑選出一個如何防止發生個人資料外洩的電子商務交易事件為代表,利用防禦資料隱碼攻擊的方式,整合資訊安全系統架構中,弱點管理(Vulnerability Management)、威脅管理(Threat Management)、系統記錄檔管理(Log Management)防護網路應用層功能之實務應用。此安全防護機制不需要變更既有的網路組態與現有的網站應用程式,並且減少網站維護者微調防護設定的時間,是一個有效又更加安全的電子商務交易防護機制。 Implementing electronic transaction data security mechanism (such as SSL and SET) upon e-commerce web servers is to ensure data communication privacy via protecting the transaction data from being stolen or changed in the transmission process。While malicious attacks of stealing or changing transaction data on e-commerce web servers are still happening。When web programs are accessing or manipulating on the database, the malicious attacking program would use this weak point and effect the attack if there is no examination of web page variable data in the transmitting data back from client end. This results in information security problem of data stolen or changes in the transmission process.
The writer of this paper, based on previous experience in preventing personal data leaking of e-commerce transaction, developed a security protection mechanism defending SQL injection and integrating Vulnerability Management, Threat Management and Log Management of network application layer protection。This security protection mechanism of e-commerce transaction is proved to be effective and secure with advantages of no changes in existing network configuration / web page programs and time reduction in network setting adjustment of website administrator.
