Internet Banking Safeguards Vulnerabilities - AppSecEU 2016
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore common attack patterns and vulnerabilities in internet banking safeguards through this conference talk from AppSecEU 2016 in Rome. Delve into clipboard manipulation, server vulnerability exploitation, and how banks mitigate these risks. Examine functional and non-functional vulnerability examples, transaction authorization best practices, and recommendations for trusted recipients. Learn about transaction limits, notification requirements, and user authentication methods. Discuss the revised Payment Services Directive, Strong Customer Authentication, and implementation errors. Gain insights into precise requirements and OWASP's role in improving internet banking security.
Syllabus
APPSEC EUROPE
Agenda
Common attack patterns
Clipboard (or memory) manipulation
Server vulnerability exploitation
How banks mitigate these risks?
Vuin examples (functional)
Vuln examples (non functional)
Transaction authorization best practices
make it trusted
overwrite data
business logic error
Trusted recipients Recommendations
Limit examples
Transaction limits - requirements
Notifications - requirements
USER AUTHENTICATION
Payment Services Directive (revised)
Strong Customer Authentication (SCA)
Payment Initiation Service
Account Information Service
Implementation errors - vulnerabilities
Precise requirements
OWASP to the rescue!
Internet banking - proposal
Taught by
OWASP Foundation
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network