Bank Grade Security

Explore the reality behind "bank grade security" claims in this 48-minute conference talk from NDC Conferences. Examine how major Australian financial institutions implement basic security controls and assess their network security using simple tools. Discover the disconnect between security theatre and effective practices. Learn about HTTP headers, security headers, HTTPS, Strict Transport Security, Content Security Policy, SSL/TLS implementations, and security.txt files. Gain insights into unusual responses, toxic responses, and the optics of security. Evaluate the effectiveness of current security measures and understand what individuals can do to protect themselves. Analyze real-world examples and case studies to better comprehend the state of cybersecurity in the banking sector.

Introduction
The List
Neo Banks
Tools
HTTP headers
Security Headers
Results
Awards
HTTPStrict Transport Security
How to get preloaded
Initial assessment
CSP
Demo
Observations
SSL TLS
SSL Labs
SSL Pulse
Unusual Responses
TLS
SSL
Securitytxt file
Toxic responses
Securitytxt
Facebook
IYMP
What can you do
Other criteria
Optics of security
Links