Attacking Internet Banking Applications presented at SyScan 2005

by Fabrice Marie

Tags: Security Privacy Business Development

Summary: The general public sentiment is that the banks, having always been the guardians of our money,
are experts at safeguarding it. Unfortunately, internet corporate banking and personal banking
applications are usually ridden with bugs. Internet banking application development is nowadays
outsourced to third-party software vendors that have a poor understanding of security and
incomplete quality management processes. Most of the time the applications are extremely insecure
before they get audited by third-party security professionals.

This presentation will demonstrate the various attacks that almost always work (and those that
do not) on your "bank-next-door" internet banking application, illustrated with real-life statistics.
We will outline the regular technical attacks and will focus on a hit parade of business logic attacks.
We will steal money from other customers, buy shares for free, and spy on other customers' bank records,
among many other frauds.

This demonstration will highlight the solutions to some of the challenges the banks will face online to
ensure that their data handling practices are compliant with their country's privacy regulations and
banking regulations, among others.