Abstract
This paper analyzes the vulnerability of e-commerce websites. We describe how the Hypertext Transfer Protocol (HTTP) transmits data in clear text, without encryption, and argue that this information can therefore be captured by means of a sniffing technique, violating the privacy of customer information.
Keywords: Security, Vulnerability, Sniffing, HTTP.

This work is licensed under a Creative Commons Attribution 4.0 International License.