Source: http://video.hitb.org/2005.html

The general public sentiment is that the banks, having always been the guardians of our money, are expert at safeguarding it. Unfortunately, internet corporate banking and personal banking applications are usually ridden with bugs. internet banking Applications development is nowadays out-sourced to third party software vendors that have poor understanding of security, and incomplete quality management processes. Most of the time the applications are extremely insecure before they get audited by security professional third-parties. This presentation will demonstrate the various attacks that almost always work (and those that do not), on your “bank-next-door” internet banking application, illustrated with real life statistics. We will outline the regular technical attacks and will focus on a hit parade of business logic attacks. We will steal money from other customers, buy shares for free, and spy on other customers bank records among many other frauds. This demonstration will highlight the solutions to some of the challenges the banks will face online to ensure that their data handling practices are compliant with their country’s privacy regulations and banking regulations among others.

Full Video: http://video.google.com/videoplay?docid=1936618177117188661

Duration : 0:7:40

Technorati Tags: banking, Fabrice, FMA, internet, IT, Management, Marie, Penetration, Risk, RMS, security, Solutions, Test