DOI: 10.1145/3503823.3503890 (research article, PCI conference proceedings)

ASPIDA: An Observatory for Security and Privacy in the Greek e-Business Sector

Published: 22 February 2022

Abstract

Modern e-business policy aims to better frame and steer progress and advancements towards a legal and security-aware framework. However, a large percentage of cases neglect the adoption of good security practices, exposing customers to potential risks. In this work, we present a hybrid approach based on self-assessment, self-improvement and self-regulation motivation, offered by the observAtory for Security and PrIvacy DAta (ASPIDA) system. To address privacy and security weaknesses, we monitor and analyze a set of security and privacy metrics and indicators. The evaluation of these criteria produces an outcome in the form of a digital badge of good practices for the specific website. This digital badge is a form of recognition that e-business owners can use to promote the services and content they offer to the public.


Cited By

  • (2022) Investigating Data Privacy Evaluation Criteria and Requirements for e-Commerce Websites. Advanced Research in Technologies, Information, Innovation and Sustainability, pp. 297–307. https://doi.org/10.1007/978-3-031-20316-9_23. Online publication date: 25 Nov 2022.


    Published In

    PCI '21: Proceedings of the 25th Pan-Hellenic Conference on Informatics
    November 2021
    499 pages

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. cybersecurity
    2. e-business
    3. privacy
    4. web application vulnerabilities
    5. world wide web

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • Hellenic Ministry of Development and Investments

    Conference

    PCI 2021

    Acceptance Rates

    Overall Acceptance Rate 190 of 390 submissions, 49%
