E-Banking Web Security

E-Banking Web Application Security That's Where the Money Is

Corporate Security Management How much can port 80 / 443 affect

OWASP top 10 – NEW ! 19 May 2007
Cross Site Scripting (XSS)‏
Injection Flaws
Malicious File Execution
Insecure Direct Object Reference
Cross Site Request Forgery (CSRF)‏
Information Leakage and Improper Error Handling

OWASP top 10 – NEW ! 19 May 2007
Broken Authentication and Session Management
Insecure Cryptographic Storage
Insecure Communications
Failure to Restrict URL Access

PCI DSS 1.1
6.6 Ensure that all web-facing applications are protected against known attacks by applying either of the following methods:
Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security
Installing an application layer firewall in front of web-facing applications.
Note: This method is considered a best practice until June 30, 2008, after which it becomes a requirement.

Web Application Firewalls
Easy Deployment
HTTP/S Support
Detection Techniques
ProtectionTechniques
Virtual Patching
No Fixing
Still Vulnerable
www.webappsec.org

Zero false positives
You are in control – Ethical Hacking
Push beyond low hanging fruits
It takes one to know one
Layer 8 Analysis – It’s Human

But you don’t do the assessment
You see the report !
It is a pain !

Certification
Experience
Go For Quality Dragos Lungu [email_address] Images from www.flickr.com
Methodology
References

http://www.dragoslungu.com	173
http://www.slideshare.net	9
http://66.102.9.104	1
http://www.lmodules.com	1

E-Banking Web Security

by dragoslungu on May 29, 2007

Accessibility

Categories

Tags

Upload Details

Usage Rights

4 Embeds 184

Statistics

E-Banking Web Security — Presentation Transcript