How Not To Implement A Payback/Cashback System presented at OWASP BeNelux 2010

by Thierry Zoller

Tags: Infrastructure Exploitation


Summary: Cashback is the name given to programs in which participants earn points for every net euro/dollar in purchases made. There are many ways this can go wrong. We will revisit the design and architecture of common Cashback systems on every operational level. We will take one particularly interesting Payback program as an example and show how NOT to deploy. Death by a thousand cuts.
Beware: Hilarity will ensue.