10016555

Introduction

Quick.Cart is freeware shopping cart software. It is compatible with most internet servers because it is written in PHP. It is very easy to install, does not require an SQL-type database, and writes all data to secure text files. Quick.Cart is made mostly for small and medium-sized businesses that cannot afford big e-commerce websites (OpenSolution.Org, 2011).

Level of Search Engine Optimization provided by QuickCart

The Quick.Cart shopping cart software automatically generates optimized, search-engine-compatible pages with unique meta tags and page titles for each product (QuickCart, 2011).

Search engine optimization is the process of improving the visibility of a website or web page in search engines via natural search results. The more frequently a site appears in the search results list, the more visitors it is likely to receive, which attracts more traffic to the site. SEO also refers to search engine optimizers, a term adopted by consultants who take on optimization projects on behalf of clients (Sullivan, 2004).

Optimizing a shopping cart store for search engines is important when we want people to come to our store and purchase our items online. Search engine optimization is the best way to get traffic to our online store from search engines. Many online sales begin with buyers using search engines to look for things, and buyers use search engines as a medium to direct them to retailers. Therefore, it is important to optimize an e-commerce store for search engines. In order to get the right customers, we need to make sure that our site contains the right material. The internet is becoming very interesting and it works in several different ways. Search engines match the words that people search for against our site, which is why we need to manage the words on it in a manner that makes them easy for search engines to locate.

Search engines work by storing information about the web pages they retrieve with a web crawler (also known as a spider), an automated web browser that automatically downloads web pages. The content of each page is then analyzed to determine how it should be indexed, using words extracted from the meta tags. Data about web pages is stored in an index database, which allows information to be found as quickly as possible. Search engines like Google store part or all of the source page and information about the web pages, whereas search engines like AltaVista store every word of every page they find. When a user enters a query into a search engine, the engine examines its index and provides a list of the best-matching web pages according to its criteria (WebpageFX, 2011).

Source: Architecture of a Webcrawler, PhD thesis of Carlos Castillo

Quick Shopping Cart allows us to add meta tag information to our products and categories. Meta tags help to improve a site's search engine optimization (SEO) by making it easier for customers to locate products using search engines. Although some of the major search engines are focusing less on these page elements, well-composed meta content is an important and integral part of a well-optimized web page (GoDaddy, 2010).

To Add SEO to Products or Categories

1. Log in to Admin.
2. In the Products section, select Products to add meta tags to an existing product, or select Add Products to add a new product and then include meta tags.
3. In the SEO section, complete the following:
   Page title: The title meta tag displays at the top of the browser window and also appears in the search results as the linked title of the web page. It should include keywords that will help people to locate our store.
   Meta Description: The meta description is a sentence describing the product or category; some search engines pick up this content and display it below the title meta tag.
   Keywords: A list of words or phrases, separated by commas, that describe the product or category of products we are selling.
4. Click on Save.

There are several things we need to remember about this process. Using as many related keywords as possible is the best way to optimize and helps to push the store higher in the search engine rankings. Many search engines have now started to flag sites as spam if their keyword density is much higher than would occur in normal speech. We should keep keyword density between two and seven percent; anything higher is going to be labeled as spam, which affects business. Quick.Cart produces search-engine-friendly pages by allowing users to change the page title, URL address, keywords and meta description of every page and product. While optimizing web pages, we need to make sure that the company name, product names and website information are put out on the internet as much as possible.

(ii) the attack/security vulnerabilities (if any) of the software

The rapid increase in online transactions has led to a rise in the number and types of attacks against the security of online transaction systems. Some of the attacks exploit vulnerabilities that have been published in third-party components such as shopping cart software. There are different types of vulnerabilities, such as SQL injection, cross-site scripting, information disclosure, price manipulation, path disclosure and buffer overflows (Mookhey, 2004). Path and information disclosure vulnerabilities act as initial stages leading to further damage. Price manipulation attacks or SQL injection can cause problems for a website by compromising confidentiality, and in some cases lead to the website being shut down completely. The main reason for such vulnerabilities is that web application developers are often not well versed in secure programming techniques; as a result, the security of applications like shopping carts or other e-commerce systems is not necessarily one of the design goals. The world and technology are changing very rapidly, and users are placing demanding requirements on e-commerce providers, which requires complex designs and programming logic.
A 128-bit SSL certificate is a proof that shows e-commerce sites are well secured; nowadays, thousands of websites display Verisign or Thawte certificate icons as proof of their security (Mookhey, 2004). An SSL certificate protects data in transit, whereas the vulnerabilities below arise in the application itself. The common vulnerabilities that have been discovered in shopping cart software are as follows:

SQL Injection

SQL injection refers to the insertion of SQL meta-characters in user input, such that the attacker's queries are executed by the back-end database. Attackers first check whether a site is vulnerable to such an attack by sending a single-quote (') character. The results of an SQL injection attack on a vulnerable site may range from a detailed error message, which discloses the back-end technology being used, to allowing the attacker to access restricted areas of the site because he manipulated the query to an always-true Boolean value; it may even allow the execution of operating system commands.

Quick Cart contains a flaw that allows a remote attacker to carry out an SQL injection attack. The issue is caused by the shoptellafriend.asp script not properly sanitizing user-supplied input to the id variable. With the help of this, a remote attacker can inject or manipulate SQL queries in the back-end database. Currently, there are no known patches, upgrades or workarounds available to correct this issue (Walter, 2005).

Price Manipulation

Price manipulation is a vulnerability unique to online payment gateways and shopping carts. The total payable price of the purchased goods is stored in a hidden HTML field of a dynamically generated web page. Attackers use a web application proxy such as Achilles to simply modify the final amount payable. This final payable price is sent to the payment gateway with which the online merchant has partnered (Rhoades, 2003). Price manipulation may go completely unnoticed or undiscovered if the volume of transactions is very high. These vulnerabilities have been found in third-party software such as the 3D3 ShopFactory shopping cart, where item and price-related information is stored in client-side cookies, which can easily be manipulated by an attacker. The same applies to Smartwin Technology CyberOffice Shopping Cart 2.0, where a user can download the order form and resubmit it to the target server.
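
One way to close the hidden-field price manipulation described above, as an added PHP example that is not Quick.Cart's own code: the server recomputes the total from its own catalogue and signs the amount it hands to the payment step. The catalogue, field names, order id and secret are constructed for illustration.

```php
<?php
// Added example, not Quick.Cart's code. Catalogue, ids and secret are constructed.

const CATALOGUE = [              // authoritative prices in minor currency units
    'SKU-100' => 1999,
    'SKU-200' => 4500,
];

/** Recompute the payable total; only product ids and quantities are accepted. */
function computeTotal(array $cartLines): int
{
    $total = 0;
    foreach ($cartLines as $sku => $qty) {
        if (!array_key_exists($sku, CATALOGUE)) {
            throw new InvalidArgumentException("Unknown product: $sku");
        }
        // Rejects non-numeric, negative, zero and oversized quantities.
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 99]]);
        if ($qty === false) {
            throw new InvalidArgumentException("Invalid quantity for $sku");
        }
        $total += CATALOGUE[$sku] * $qty;
    }
    return $total;
}

/** MAC over order id and amount, so a later edit of either is detectable. */
function signOrder(string $orderId, int $total, string $secret): string
{
    return hash_hmac('sha256', $orderId . '|' . $total, $secret);
}

/** Constant-time check of the MAC that comes back with the order. */
function verifyOrder(string $orderId, int $total, string $mac, string $secret): bool
{
    return hash_equals(signOrder($orderId, $total, $secret), $mac);
}

// Constructed request: the hidden "total" field was changed in transit.
$post   = ['items' => ['SKU-100' => '2', 'SKU-200' => '1'], 'total' => '1'];
$secret = 'placeholder-secret-for-the-example';

$total = computeTotal($post['items']);   // $post['total'] is never read
$mac   = signOrder('ORD-1', $total, $secret);

printf("server-side total: %d\n", $total);
printf("untampered amount verifies: %s\n",
    var_export(verifyOrder('ORD-1', $total, $mac, $secret), true));
printf("edited amount verifies: %s\n",
    var_export(verifyOrder('ORD-1', 1, $mac, $secret), true));
```

The same rule covers prices kept in client-side cookies: anything the browser can edit is treated as a request for products and quantities, never as the price.
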
Although no attack has been reported for price manipulation in QuickCart so far, this is a very unique vulnerability which may cause big problems in the long run (Mookhey, 2004).

Buffer Overflows

Buffer overflows are not a very common vulnerability in shopping carts written in Perl, PHP, ASP, etc.; however, sending a large number of bytes to an application that is not designed to deal with them can create unexpected problems. Sending large values in the input fields can disclose the path of PHP functions. When the back-end PHP script is not able to process large values, the displayed error can reveal the location of the PHP functions. An attacker can access the restricted admin folder after using the error information.

Cross-site scripting

QuickCart is a PHP-based shopping cart application. QuickCart is prone to a cross-site scripting vulnerability because it is unable to sufficiently sanitize user-supplied input passed to the 'admin.php' script (Center, 2009). Attackers use this issue to execute arbitrary script code in the browser window of an unsuspecting user in the context of the affected site. With the help of this, an attacker can steal cookie-based authentication credentials and launch other attacks. The vulnerability is confirmed in QuickCart version 3.4, and other versions may also be affected (F-Secure, 2009).

There are multiple cross-site request forgery (CSRF) vulnerabilities in QuickCart 3.4 which allow a remote attacker to hijack the authentication of the admin in order to delete orders via admin.php, delete pages and delete products.

Local file inclusion vulnerability

This vulnerability leads to the exposure of sensitive information, where credentials or documents are leaked or can be revealed either remotely or locally. It also includes vulnerabilities where information about the system (running services, version, installation path) is exposed and can be revealed locally or remotely. Kacper discovered this vulnerability in Quick.Cart, which can be exploited by malicious people to disclose sensitive information. Here, input passed via the 'sLanguage' cookie in config/general.php is used to include files, which can be exploited to include files from local resources and to execute malicious PHP code by injecting it into log files. This vulnerability is confirmed in QuickCart version 2.2 (Kacper, 2007).

QuickCart software is a powerful hosted database-driven e-commerce solution which is CISP and PCI compliant.
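
A defensive pattern for the sLanguage cookie inclusion issue described above, as an added PHP example that is not Quick.Cart's code: the cookie value is matched against a fixed allowlist before any include path is built. The language codes, directory name and sample cookie values are assumptions.

```php
<?php
// Added example, not Quick.Cart's code. Language codes and paths are assumptions.

const LANG_DIR = __DIR__ . '/lang';            // hypothetical language directory
const ALLOWED_LANGUAGES = ['en', 'pl', 'de'];  // hypothetical installed languages
const DEFAULT_LANGUAGE = 'en';

// Risky pattern (hypothetical, shown only for contrast): the cookie value
// flows straight into the include path.
//   include 'lang/' . $_COOKIE['sLanguage'] . '.php';

/** Map an untrusted cookie value to one of the known language codes. */
function resolveLanguage($cookieValue): string
{
    // Cookies can arrive as arrays (sLanguage[]=...), so check the type first.
    // The strict comparison means only an exact, known code is ever accepted.
    if (is_string($cookieValue) && in_array($cookieValue, ALLOWED_LANGUAGES, true)) {
        return $cookieValue;
    }
    return DEFAULT_LANGUAGE;
}

/** Build the include path from the allowlisted code only. */
function languageFile($cookieValue): string
{
    return LANG_DIR . '/' . resolveLanguage($cookieValue) . '.php';
}

// Constructed cookie values: a valid code, a traversal attempt, an array, none.
$samples = ['pl', '../../files/access.log', ['en'], null];
foreach ($samples as $value) {
    printf(
        "%-28s -> %s\n",
        json_encode($value, JSON_UNESCAPED_SLASHES),
        basename(languageFile($value))
    );
}

// In the application: require languageFile($_COOKIE['sLanguage'] ?? null);
```

Because the path is assembled only from a value that already appears in the allowlist, a cookie that points at a log file or any other local resource falls back to the default language instead of being included.
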
QuickCart uses 1024-bit Secure Sockets Layer (SSL) software to protect transactions and company and customer data from unauthorized third parties. SSL is used to encrypt all of the customer's personal information, credit card number, name and addresses (QuickCart, 2010).

(iii) the conformance of the QuickCart system to W3C accessibility guidelines

The W3C released a recommendation on Web Content Accessibility on May 5, 1999, which is intended to guide website owners conducting accessibility reviews. The W3C specification includes fourteen guidelines, which comprise the general principles of website design. Each guideline includes checkpoints that describe how to apply that guideline to particular features of a web page. The W3C accessibility guidelines are as follows:

1. Provide equivalent alternatives to auditory and visual content
Users may not be able to access auditory and visual content. Suppose we have a graphical arrow pointing to the right of the screen to indicate to users that they can go forward if they click on it. Under the W3C guidelines, there should be a text alternative to the graphic which says something along the lines of "Go Forward". Providing non-text equivalents of text, such as pictures, video and audio, is beneficial to many users who have reading problems or find reading difficult.

2. Don't rely on color alone
Users can be color blind, and for them the web experience will be frustrating. The guidelines recommend avoiding color as a visual cue; however, where we do use colors, we should provide adequate alternative cues. There should be strong contrast between foreground and background graphics and text. In QuickCart, the administrator can change color schemes according to the W3C accessibility guidelines.

3. Use of markup and style sheets
When we create documents, we need to make sure that we create them with proper structural elements. Control presentation with style sheets rather than with attributes and elements. Differentiating between structure, content and presentation allows users to understand the organization of the page. QuickCart allows us to apply our own styles to the shopping cart using advanced Cascading Style Sheets features, which are available in extended versions of the QuickCart shopping cart software.

4. Use of natural language
The LANG tag, located in the head of the document, helps users to identify the language: it specifies up front the language used within the document. The value of the attribute can be any of the ISO standard two-character language abbreviations; for example, LANG=EN allows the browser to understand that the document is in English. QuickCart includes language management features with which users can add or create a new language according to specific requirements.

5. Create tables that transform gracefully
Tables must be used for tabular data rather than to achieve a certain presentational design or style. Create and provide linearized tables or a non-tabled version of the page; otherwise, if we have a newspaper-style table that contains columns, most readers mainly read the first line of each column before moving to the second line. QuickCart allows us to create linearized tables, which makes information more readable.

6. Transformation of pages featuring new technologies
While developing a website with the latest technology, we need to make sure that older browser versions are still able to view the web pages. This also affects users with new browsers who choose to turn off features like Java, JavaScript, images, etc. While using the QuickCart shopping cart software, we need to ensure that we are using one of these web browsers: Internet Explorer 6.5 or later, Netscape 9.0 or later, Mozilla Firefox (Windows or Mac OS), or Safari (Mac OS). The best resolution for QuickCart is 1024x768. Customers can view the storefront at 800x600 resolution using a web browser, including America Online, MSN, Internet Explorer 6.5 or later, Netscape 9.0 or later, Mozilla Firefox (Windows or Mac OS), or Safari (Mac OS) (GoDaddy, 2010).

7. User control of time-sensitive content
It should be possible to pause or stop moving, scrolling or auto-updating objects or pages, because some people with visual disabilities are unable to read moving text quickly. Movement sometimes distracts the user and makes the page unreadable for people with disabilities. The QuickCart extended version includes an Advanced CSS feature which allows users to apply their own styles using advanced Cascading Style Sheets.

8. Direct accessibility of embedded user interfaces
The user interface should follow the principles of accessible design, such as device-independent access to functionality and keyboard operability. All interfaces that are embedded in a page, such as applets and plug-ins, should follow the accessibility guidelines.

9. Device-independent design
Device-independent access allows the user to interact with the document or user agent using the preferred input or output device, such as keyboard, mouse or voice. In some pages, a form control can only be activated with a pointing device or mouse, voice input, or a keyboard. QuickCart uses normal keyboard or mouse interaction for input; however, technology keeps changing, and with the use of plug-ins we can implement voice interaction in forms.

10. Use of interim solutions
Use interim accessibility solutions while developing web pages so that old technologies and browsers can also operate correctly. Older browsers do not allow users to edit empty boxes, and older screen readers make active elements difficult or impossible to access because they read lists of consecutive links as one link. QuickCart is compatible with most old browsers.

11. W3C technologies and guidelines
Use W3C technologies when they are available and use the latest versions when supported. Always try to avoid deprecated features of W3C technologies and provide information according to the user's own preferences, such as language and content type.

12. Context and orientation information
Grouping elements and providing contextual information about the relationships between them is useful for many users. Complex relationships between parts of a page are difficult for people with disabilities to interpret. Breaking information down from large blocks into small parts helps users to understand it more easily and clearly. In QuickCart, we can break down information into, for example, short and full descriptions of products. The short description gives the user an idea, and the full description provides full details about the product.

13. Provide clear navigation mechanisms
Provide consistent and clear navigation mechanisms by using navigation bars, orientation information, a site map, etc., so that a person can find the required information easily. QuickCart provides a site map feature with which users can search for required products and information easily and hassle-free.

14. Ensure that documents are clear and simple
Site content should be written in simple and clear language. Always try to supplement text with auditory or graphic presentations, which help users to understand things, and keep a consistent style of presentation across all pages. With the help of the QuickCart shopping cart software, we can design web pages manually using simple and clear language (Danino, 2001).

Works Cited
Anon., 2011. Easy E-commerce. [Online] Available at: http://www.quickcart.com/ [Accessed 2 2011 2011].
Center, J.-S., 2009. TITLE: QUICK.CART 'ADMIN.PHP' CROSS SITE SCRIPTING VULNERABILITY. [Online] Available at: http://www.juniper.net/security/auto/vulnerabilities/vuln31216.html [Accessed 5 April 2011].
Danino, N., 2001. W3C Accessibility Guidelines. [Online] Available at: http://articles.sitepoint.com/article/w3c-accessibility-guidelines [Accessed 5 April 2011].
F-Secure, 2009. Quick.Cart Cross-Site Request Forgery Vulnerability. [Online] Available at: http://www.f-secure.com/vulnerabilities/SA200905518 [Accessed 5 April 2011].
GoDaddy, 2010. Improving the SEO of Your Quick Shopping Cart Site. [Online] Available at: http://help.godaddy.com/topic/508/article/5380?locale=en&isc=cp1 [Accessed 5 April 2011].
GoDaddy, 2010. System Requirements for Quick Shopping Cart. [Online] Available at: http://help.godaddy.com/article/1010?isc=cp1&locale=en#browser [Accessed 5 April 2011].
Kacper, 2007. Quick.Cart "sLanguage" Local File Inclusion Vulnerability. [Online] Available at: http://www.securelist.com/en/advisories/25513 [Accessed 5 April 2011].
Mookhey, K.K., 2004. Common Security Vulnerabilities in e-commerce Systems. [Online] Available at: http://www.symantec.com/connect/articles/commonsecurity-vulnerabilities-e-commerce-systems [Accessed 5 April 2011].
OpenSolution.Org, 2011. Quick.Cart. [Online] Available at: http://opensolution.org/quick.cart_editions,en,9.html [Accessed 02 April 2011].
QuickCart, 2010. FAQ. [Online] Available at: http://www.quickcart.com/ecom_faq.cfm [Accessed 5 April 2011].
Rhoades, D., 2003. Achilles. [Online] Available at: http://www.mavensecurity.com/Achilles/ [Accessed 5 April 2011].
Sullivan, D., 2004. Who Invented the Term "Search Engine Optimization"? [Online] Available at: http://forums.searchenginewatch.com/showpost.php?p=2119&postcount=10 [Accessed 2 April 2011].
Walter, B., 2005. OSVDB. [Online] Available at: http://osvdb.org/20999 [Accessed 5 April 2011].
WebpageFX, 2011. WebpageFX. [Online] Available at: http://www.webpagefx.com/ecommerce-store-seo.html [Accessed 2 April 2011].
