Specifications

ManualsBrandsMaxxus ManualsExercise BikePRO SPK-23

311

312

313

314

315

316

317

318

319

320

What is needed is a well-designed test plan that tests all the functions of your software on a

representative sample of common machine types. A well-planned set of tests should aim to test

every line of code in your project at least once. Ideally, this test suite should be automated so

that it can be run on your selected test machines with little effort.

The greatest problem with testing is that it is unglamorous and repetitive. Although some peo-

ple enjoy breaking things, few people enjoy breaking the same thing over and over again. It is

important that people other than the original developers are involved in testing. One of the

major goals of testing is to uncover faulty assumptions made by the developers. A fresh person

is much more likely to have different assumptions. In addition to this, professionals are rarely

keen to find flaws in their own work.

Repudiation

The final risk we will consider is repudiation. Repudiation occurs when a party involved in a

transaction denies having taken part. E-commerce examples might include a person ordering

goods off a Web site, and then denying having authorized the charge on his credit card; or a

person agreeing to something in email, and then claiming that somebody else forged the email.

Ideally, financial transactions should provide the peace of mind of nonrepudiation to both par-

ties. Neither party could deny their part in a transaction, or, more precisely, both parties could

conclusively prove the actions of the other to a third party, such as a court. In practice, this

rarely happens.

Authentication provides some surety about whom you are dealing with. If issued by a trusted

organization, digital certificates of authentication can provide greater confidence.

Messages sent by each party also need to be tamperproof. There is not much value in being

able to demonstrate that Corp Pty Ltd sent you a message if you cannot also demonstrate that

what you received was exactly what they sent. As mentioned previously, signing or encrypting

messages makes them difficult to surreptitiously alter.

For transactions between parties with an ongoing relationship, digital certificates together with

either encrypted or signed communications are an effective way of limiting repudiation. For

one-off transactions, such as the initial contact between an e-commerce Web site and a stranger

bearing a credit card, they are not so practical.

An e-commerce company should be willing to hand over proof of its identity and a few hun-

dred dollars to a certifying authority such as VeriSign (http://www.verisign.com/) or Thawte

(http://www.thawte.com/) in order to assure visitors of the company’s bona fides. Would that

same company be willing to turn away every customer who was not willing to do the same in

order to prove his identity? For small transactions, merchants are generally willing to accept a

certain level of fraud or repudiation risk rather than turn away business.

E-commerce Security Issues

HAPTER 13

E-COMMERCE

SECURITY ISSUES

289

17 7842 CH13 3/6/01 3:36 PM Page 289