Description: E-banking transaction authorization – possible vulnerabilities, security verification and best practices for implementation
Most of the modern internet or mobile banking applications use some sort of second factor, such as TAN lists, SMS codes, time-based OTP tokens, etc. to let user verify banking operations and to protect against MitM or malware attacks. During security tests in pre-production, it often turns out that tested banking systems have serious security flaws regarding implementation of transaction authorizations mechanisms, that (if not detected and corrected) could allow attacker to bypass or weaken those safeguards. During this presentation I would like to throw light on transaction authorization mechanisms security. The agenda will include:
• Examples of possible vulnerabilities, which could allow to bypass those security mechanisms.
• Resistance of selected transaction authorization mechanisms to common banking malware attacks.
• Suggested best practices regarding implementation of transaction authorization.
For More Information Please Visit: - http://2015.appsec.eu/
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.