Date of Award

Fall 8-14-2008

Document Type


Degree Name

Master of Science in Information Systems (MSIS)

First Advisor

Wayne Pauli

Second Advisor

Ronghua Shan


This thesis looks at the security of electronic commerce (Ecommerce). It begins with an introduction to Ecommerce security terminology. Security requirements for card payments via the Internet are then described, as are protocols for electronic transaction processing. The Secure Socket Layer (SSL) protocol, together with its standardized version, Transport Layer Security (TLS), is the widely used means to secure electronic transactions made over the Internet. The SSL and TLS protocols are analyzed with respect to how well they satisfy the outlined security requirements. As SSL and TLS provide transport layer security, and some of the security requirements are at the application level, it is not surprising that they do not address all the identified security requirements. Web applications and services are the fastest-growing area of attacks. Web application security is discussed at the end with an example attack: cross-site request forgery (CSRF).