Tag Archives: eCommerce

Web portal & commerce cyber forensics

For this discussion we will refer to the leading open-source products such as Liferay, Drupal and WordPress, and to one proprietary portal, SharePoint, which has good documentation.

Before studying cyber forensics for portals and commerce, we must understand their architecture and security.

Web application architecture:

  • Three-tier architecture:
      • CDN, WAF and web server, typically in the externally exposed subnet (the demilitarized zone, DMZ)
      • Application server, database, file store, search and caching in the internal subnet (the trusted zone, informally called the militarized zone)
      • Integrations such as IAM/LDAP/SSO, APIs, LLMs and other AI services, message queues and Kafka, which may attach at any of these layers
      • Server, cloud, VM infrastructure and VPN underneath
  • Use cases:
      • Insurance policy administration
      • Supplier portals
      • Intranets
      • Search-based use cases
      • Workflows / BPM
      • eCommerce
      • Public websites and more
  • Deployment:
      • Cloud
      • On-premises / self-hosted
      • Clustered environment at most layers

Solutions may be monolithic or microservice-based.

Security:

  • Programming level:
      • Secure programming around APIs, integrations and custom code
  • App server security:
      • Separate subnets
      • JVM security
  • Web server and overall security:
      • HTTPS
      • CSP
      • CSRF / CORS
      • XSS
      • Server hardening
      • Access / IAM / 2FA / MFA
      • OWASP Top 10 risks such as SQL injection
      • Cookies and sessions
      • DoS, DDoS, malware, spyware, etc.
      • And more; see Security – Liferay Learn
  • Products:
      • Liferay
      • Drupal
      • WordPress
      • SharePoint, Mozilla Foundation and many more
      • Custom portals and commerce sites built with PHP, Java, .NET and more
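A check for several items in the list above (HTTPS via HSTS, CSP, CORS, cookies and sessions), added here by the editor; it is not code from Liferay, Drupal, WordPress or SharePoint. It audits one HTTP response and reports which controls are missing, with a weakly configured response beside its hardened form. The host names, the origin allowlist and both responses are constructed assumptions, not captures from a real portal.

```python
# Added example for this post, written by the editor; it is not code from Liferay,
# Drupal, WordPress or SharePoint. The two responses below are constructed by hand,
# and TRUSTED_ORIGINS is an assumed allowlist for a hypothetical portal.example site.

TRUSTED_ORIGINS = {"https://portal.example", "https://app.example"}

# Constructed: a weakly configured portal answering a request that carried
# "Origin: https://evil.example". The origin is echoed back and credentials are allowed.
WEAK_RESPONSE = {
    "request_origin": "https://evil.example",
    "headers": {
        "Content-Type": "text/html; charset=UTF-8",
        "Access-Control-Allow-Origin": "https://evil.example",
        "Access-Control-Allow-Credentials": "true",
    },
    "set_cookie": ["JSESSIONID=9F2A7C; Path=/", "COMPANY_ID=20099; Path=/"],
}

# Constructed: the same response after hardening.
HARDENED_RESPONSE = {
    "request_origin": "https://app.example",
    "headers": {
        "Content-Type": "text/html; charset=UTF-8",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "X-Content-Type-Options": "nosniff",
        "Access-Control-Allow-Origin": "https://app.example",
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    },
    "set_cookie": ["JSESSIONID=9F2A7C; Path=/; Secure; HttpOnly; SameSite=Lax"],
}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, {attribute: value}); attribute names are lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_response(response, trusted_origins=TRUSTED_ORIGINS):
    """Return a list of findings for the controls in the Security list; [] means all are present."""
    findings = []
    h = {k.lower(): v for k, v in response["headers"].items()}

    # HTTPS: HSTS keeps later visits from being downgraded to plain http
    if "strict-transport-security" not in h:
        findings.append("missing Strict-Transport-Security")

    # CSP and XSS: a policy must exist, and something must stop framing (clickjacking)
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    if "frame-ancestors" not in csp and "x-frame-options" not in h:
        findings.append("no framing protection (frame-ancestors or X-Frame-Options)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # CORS: echoing an untrusted Origin together with credentials lets that site
    # read authenticated responses with the victim's cookies
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append("CORS wildcard origin combined with credentials")
    elif acao and creds and acao == response.get("request_origin") and acao not in trusted_origins:
        findings.append(f"CORS reflects untrusted origin {acao} with credentials")

    # Cookies and sessions: the session cookie must not leak over http or to script
    for raw in response["set_cookie"]:
        name, attrs = parse_set_cookie(raw)
        if "secure" not in attrs:
            findings.append(f"cookie {name}: missing Secure")
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: missing HttpOnly")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite not Lax or Strict")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(resp) or ["no findings"])
```

Run against a real portal, the `headers` and `set_cookie` values would come from the response of an authenticated page request; the `request_origin` entry records which Origin header the probe sent so that reflection can be distinguished from a fixed allowlist.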

Forensics:

  • Logs of the app server
  • Logs of the web servers. Why? The real client IP often does not travel beyond the CDN, WAF and web server layer unless those hops forward it (for example in the X-Forwarded-For header), so the app server log alone may show only the proxy's address
  • Logs of the CDN and WAF
  • Logs of the cloud, infrastructure and VMs, plus details from the Network Management System and Application Performance Monitoring
  • Database for the state. Very critical: do not neglect it once you have the logs and overall access to the portal
  • File store
  • Search index
  • Code for integrations and customizations
  • Configurations (XML files, etc.)
  • Access logs and full control of all servers
  • DNS lookups and query logs
  • Integration logs
  • Concerns: PII, privacy, state of workflows, system, data and content; multiple concurrent sessions by a single user; whether 2FA/MFA was enforced
  • Building the chain of events
  • Audit trails, if enabled
  • Admin and other rights
  • Data governance, data security, data analytics and web analytics such as Google Analytics
  • Logins, logouts, public APIs, insecure APIs, insecure servers, authentication and authorization
  • Understanding the resolution path: User -> ISP -> Internet over HTTPS -> DNS resolution -> portal CDN -> WAF -> web server (the external world ends here and TLS is typically terminated, so hops behind it may carry plain HTTP) -> app server -> integrations and search -> DB, and back the same way
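The log correlation described in this list, as an added example written by the editor rather than code from the post or from any of the portals named: it recovers the real client IP from X-Forwarded-For behind the CDN and WAF hops (the reason the web-server logs matter), joins web-server and app-server lines on a request id, builds a per-user chain of events, and flags the two concerns above, one user holding overlapping sessions from different IPs and a session that never completed MFA. The log formats, the request id, the proxy addresses and the user name are assumptions, and every line of sample data is constructed.

```python
# Added example for this post, written by the editor; it is not code from Liferay,
# Drupal, WordPress or SharePoint. Assumptions: the web server logs X-Forwarded-For and
# a per-request id (nginx $request_id style) that the app server also writes to its
# audit log, so the two layers can be joined. Every log line below is constructed.
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumed addresses of our own CDN edge and WAF. Only these may be discarded when
# walking X-Forwarded-For; anything else in the header came from outside.
TRUSTED_PROXIES = {"198.51.100.7", "10.0.1.5"}

# Constructed web-server access log. remote_addr is always the WAF (10.0.1.5), which is
# why the app server alone cannot say who the client was. Field order:
# remote_addr - - [time] "request" status bytes "x_forwarded_for" request_id
WEB_LOG = """\
10.0.1.5 - - [12/Mar/2024:09:14:02 +0000] "POST /c/portal/login HTTP/1.1" 302 0 "203.0.113.45, 198.51.100.7" req-001
10.0.1.5 - - [12/Mar/2024:09:14:05 +0000] "POST /c/portal/mfa HTTP/1.1" 200 512 "203.0.113.45, 198.51.100.7" req-002
10.0.1.5 - - [12/Mar/2024:09:20:41 +0000] "POST /c/portal/login HTTP/1.1" 302 0 "1.2.3.4, 192.0.2.88, 198.51.100.7" req-003
10.0.1.5 - - [12/Mar/2024:09:22:10 +0000] "GET /api/jsonws/user/get-user HTTP/1.1" 200 2048 "192.0.2.88, 198.51.100.7" req-004
10.0.1.5 - - [12/Mar/2024:09:30:00 +0000] "GET /c/portal/logout HTTP/1.1" 302 0 "203.0.113.45, 198.51.100.7" req-005
"""

# Constructed app-server audit log, keyed by the same request id.
APP_LOG = """\
2024-03-12T09:14:02Z req=req-001 user=alice event=LOGIN_SUCCESS session=S1
2024-03-12T09:14:05Z req=req-002 user=alice event=MFA_OK session=S1
2024-03-12T09:20:41Z req=req-003 user=alice event=LOGIN_SUCCESS session=S2
2024-03-12T09:22:10Z req=req-004 user=alice event=API_CALL session=S2
2024-03-12T09:30:00Z req=req-005 user=alice event=LOGOUT session=S1
"""

WEB_RE = re.compile(r'^(?P<remote>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                    r'(?P<status>\d{3}) \d+ "(?P<xff>[^"]*)" (?P<rid>\S+)$')
APP_RE = re.compile(r"^(?P<ts>\S+) req=(?P<rid>\S+) user=(?P<user>\S+) "
                    r"event=(?P<event>\S+) session=(?P<session>\S+)$")

def client_ip(xff, remote_addr, trusted=TRUSTED_PROXIES):
    """Walk the hops from the right, dropping the ones we own; the first hop we do not
    own is the best available client IP. Anything further left was supplied by the
    client and may be forged (req-003 above carries a spoofed 1.2.3.4)."""
    hops = [h.strip() for h in xff.split(",") if h.strip()] + [remote_addr]
    for hop in reversed(hops):
        if hop not in trusted:
            return hop
    return remote_addr  # every hop is ours: the request came from inside the perimeter

def parse_web(text):
    """Index web-server requests by request id, with the real client IP resolved."""
    requests = {}
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            requests[m["rid"]] = {"ts": ts, "ip": client_ip(m["xff"], m["remote"]),
                                  "request": m["req"], "status": int(m["status"])}
    return requests

def build_timeline(web_text, app_text):
    """Join each app-server audit event to the web request that carried it, per user."""
    web = parse_web(web_text)
    timeline = defaultdict(list)
    for line in app_text.splitlines():
        m = APP_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            w = web.get(m["rid"], {})
            timeline[m["user"]].append({"ts": ts, "event": m["event"], "session": m["session"],
                                        "ip": w.get("ip", "unknown"), "request": w.get("request", "")})
    for events in timeline.values():
        events.sort(key=lambda e: e["ts"])
    return dict(timeline)

def find_anomalies(timeline):
    """Flag two concerns from the list above: one user holding overlapping sessions from
    different client IPs, and sessions that never completed MFA."""
    findings = []
    for user, events in timeline.items():
        open_sessions = {}  # session id -> client IP it was opened from
        mfa_done = set()
        for e in events:
            if e["event"] == "LOGIN_SUCCESS":
                for other, ip in open_sessions.items():
                    if ip != e["ip"]:
                        findings.append(f"{user}: session {e['session']} from {e['ip']} opened "
                                        f"while {other} from {ip} was still active")
                open_sessions[e["session"]] = e["ip"]
            elif e["event"] == "MFA_OK":
                mfa_done.add(e["session"])
            elif e["event"] == "LOGOUT":
                open_sessions.pop(e["session"], None)
        for session in sorted({e["session"] for e in events} - mfa_done):
            findings.append(f"{user}: session {session} never completed MFA")
    return findings

if __name__ == "__main__":
    tl = build_timeline(WEB_LOG, APP_LOG)
    print(*find_anomalies(tl), sep="\n")
```

The walk from the right in `client_ip` is the important detail: X-Forwarded-For is just a header the client can pre-populate, so only hops appended by proxies you control may be trusted, and the first address outside that set is the one to record in the chain of events. If your portal does not propagate a request id across layers, the join has to fall back to timestamp and path matching, which is weaker and one more reason to turn the id on before an incident.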

eCommerce evolution in India – Part 1

This caselet tries to summarize the evolution of eCommerce in India over the last two decades and lists the phases as observed.

Summary from the Wikipedia article (see references):

  • Internet user base of 600+ million in India
  • Rapid growth in eCommerce, but eCommerce penetration as a percentage of internet users is low compared to the US, China, France and so on
  • Cash on delivery is the preferred payment mode for more than 70% of users
  • Demand for international products is high
  • Flipkart, Amazon, Snapdeal, JioOnline, multiple grocery vendors, and specialized sellers in electronics, gifts, travel and more are the leading eCommerce entities
  • The Open Network for Digital Commerce (ONDC) is in its pilot phase in India
  • Online travel booking, apparel, retail, grocery, electronics, mobile, DTH, warehousing, logistics, food delivery, ride hailing, furniture, luxury, home maintenance and services, gifts and fashion form a large component of eCommerce in India
  • COVID-19 caused a lot of upheaval in eCommerce models and sales
  • Evolution toward 10-30 minute delivery, next-day delivery and other innovative models has seen an uptick in the last 3-5 years
  • A large number of investors have put money into various entities over the last 10-15 years
  • Niche players in automobiles, apparel, grocery and similar areas have been emerging
  • A string of acquisitions and mergers has taken place over the last 10 years, especially by large players
  • B2B eCommerce is growing quickly, with players such as Bizongo, Udaan, Medikabazaar, Moglix, Ofbusiness and Inframarket present
  • A major regulatory rule is that foreign-owned players are not allowed to hold inventory

Phases as observed over the last two decades:

  • Standalone, focused players: early entrants, with little regulation
  • High growth in the number of eCommerce players
  • Entry of investors
  • Regulations evolving over time
  • Shift of many smaller sellers to marketplaces
  • Friction between online and offline sellers
  • Hyper-competitive growth, with losses accepted to capture market share
  • Enablement of the financial ecosystem: UPI, RuPay, QR codes, JanDhan, cash-on-delivery models and so on
  • Evolution of 4G and broadband
  • Specialized and niche sellers
  • IPOs for many specialized players
  • Newer sales models around delivery, bundling of additional services and so on
  • Evolution of local logistics players
  • Consolidation, closures and M&A across the industry
  • Brand building and a shift toward a mature mindset and ecosystem
  • Newer initiatives to standardize eCommerce, such as ONDC, and preparation for 5G

References:

  • https://en.wikipedia.org/wiki/E-commerce_in_India
  • https://en.wikipedia.org/wiki/Open_Network_for_Digital_Commerce
  • https://economictimes.indiatimes.com/tech/tech-bytes/rapid-digitalisation-drives-b2b-ecommerce-during-pandemic/articleshow/88500483.cms
  • Google News

Email me: Neil@HarwaniSystems.in