2. Some Background
The competition took place for the first time at PHDays 2012.
$natch aims at demonstrating the typical vulnerabilities of
online banking systems.
Positive Technologies performs security tests of online banking
systems on a regular basis. We are really into it.
The most interesting and dangerous vulnerabilities along with
the simply typical weaknesses are integrated into PHDays
iBank.
3. Last Year Results
― 9 participants;
― 4 winners;
― the biggest winnings of 3,500
roubles;
― some winners got into the Positive
community
;
(after an extremely scary
interview of course).
4. PHDays iBank 2
PHDays iBank 2 is NOT a real online banking system used by
actual banks.
The system was developed exclusively for the PHDays 2013
competition.
PHDays iBank 2 employs the typical vulnerabilities of online
banking systems.
5. Competition Rules
― 100 bank clients;
― 10 participants;
― 20,000 roubles of prize money;
― 1 day for source code analysis;
― 30–40 minutes of the actual competition;
― a participant will get as much money as he/she will manage
to transfer to his/her account;
― the participants can steal money from each other.
6. At Workshop
You will be able:
― to examine each vulnerability in detail;
― to exploit vulnerabilities “by hand”;
― to exploit vulnerabilities with various tools.
Everything is performed on a special copy of the competition
system.