The document discusses security best practices for e-banking web applications. It recommends using an application layer firewall or having all custom application code reviewed for common vulnerabilities to protect against known attacks. The document also lists the OWASP top 10 security risks, and notes that web application firewalls provide easy deployment and protection techniques like virtual patching without requiring fixes to still vulnerable applications.

1. E-Banking Web Application Security That's Where the Money Is

2. Corporate Security Management How much can port 80 / 443 affect

3. OWASP top 10 – NEW ! 19 May 2007 Cross Site Scripting (XSS)‏ Injection Flaws Malicious File Execution Insecure Direct Object Reference Cross Site Request Forgery (CSRF)‏ Information Leakage and Improper Error Handling

4. OWASP top 10 – NEW ! 19 May 2007 Broken Authentication and Session Management Insecure Cryptographic Storage Insecure Communications Failure to Restrict URL Access

5. PCI DSS 1.1 6.6 Ensure that all web-facing applications are protected against known attacks by applying either of the following methods: Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security Installing an application layer firewall in front of web-facing applications. Note: This method is considered a best practice until June 30, 2008, after which it becomes a requirement.

6. Web Application Firewalls Easy Deployment HTTP/S Support Detection Techniques ProtectionTechniques Virtual Patching No Fixing Still Vulnerable www.webappsec.org

7. Zero false positives You are in control – Ethical Hacking Push beyond low hanging fruits It takes one to know one Layer 8 Analysis – It’s Human

8. But you don’t do the assessment You see the report ! It is a pain !

9. Certification Experience Go For Quality Dragos Lungu [email_address] Images from www.flickr.com Methodology References