Please use this identifier to cite or link to this item: https://www.um.edu.mt/library/oar/handle/123456789/91935
Title: An investigation of common security vulnerabilities and secure coding practices to mitigate them
Authors: Azzopardi, Antonio (2013)
Keywords: Credit cards; Mobile commerce; Computer software -- Security measures; Internet fraud
Issue Date: 2013
Citation: Azzopardi, A. (2013). An investigation of common security vulnerabilities and secure coding practices to mitigate them (Bachelor's dissertation).
Abstract: The main aim of this dissertation is to study various common security vulnerabilities and the countermeasures available to mitigate them, and then to propose a solution that reduces exposure to a number of the vulnerabilities investigated. Specifically, it was decided to deal with the issue of online credit card fraud with respect to man-in-the-browser, keylogging and phishing attacks. The student opted to tackle this problem via a secure mobile payment system. For this reason, numerous secure mobile payment systems were investigated and their strengths and weaknesses were analyzed. In addition, an artefact which addresses the weaknesses of the existing systems is proposed. At least one of the secure mobile payment systems studied was vulnerable to man-in-the-browser attacks because its mobile application component operated through the web browser. Some of the systems were susceptible to phishing attacks, primarily because they did not bind the mobile user's log-in credentials to the identity of his mobile phone. Moreover, the majority of the systems did not specify a mechanism to disable the accounts created from the mobile user's device in case it was stolen or lost. Consequently, this dissertation builds upon the work of various researchers in the field of information security in order to present a more secure approach for conducting online transactions through the use of smartphones.
Description: B.Sc. IT (Hons)(Melit.)
URI: https://www.um.edu.mt/library/oar/handle/123456789/91935
Appears in Collections: Dissertations - FacICT - 2013; Dissertations - FacICTCIS - 2010-2015

Files in This Item:
BSC(HONS)ICT_Azzopardi Antonio_2013.pdf (Restricted Access), 17.7 MB, Adobe PDF
Azzopardi_Antonio_acc.material.pdf (Restricted Access), 64.46 kB, Adobe PDF

