E-commerce cybersecurity vulnerability, http protocol case



How to Cite

Almanza Olmedo, M. (2021). E-commerce cybersecurity vulnerability, http protocol case. Minerva, 2(6), 23-31. https://doi.org/10.47460/minerva.v2i6.39


This paper analyzes the vulnerability of e-commerce websites. We describe how the Hypertext Transfer Protocol (HTTP) transmits data in clear text, without encryption, and argue that this information can therefore be captured with a sniffing technique, violating the privacy of customer information.

Keywords: Security, Vulnerability, Sniffing, HTTP.




Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.
