Friday, May 22 • 09:50 - 10:35
E-Banking Transaction Authorization - Common Vulnerabilities, Security Verification And Best Practices For Implementation

E-banking transaction authorization – possible vulnerabilities, security verification and best practices for implementation
Most modern internet or mobile banking applications use some sort of second factor, such as TAN lists, SMS codes, time-based OTP tokens, etc., to let the user verify banking operations and to protect against MitM or malware attacks. During security tests in pre-production, it often turns out that the tested banking systems have serious security flaws in the implementation of transaction authorization mechanisms that (if not detected and corrected) could allow an attacker to bypass or weaken those safeguards. During this presentation I would like to throw light on the security of transaction authorization mechanisms. The agenda will include:
• Examples of possible vulnerabilities that could allow those security mechanisms to be bypassed.
• Resistance of selected transaction authorization mechanisms to common banking malware attacks.
• Suggested best practices regarding implementation of transaction authorization.

Wojtek Dworakowski

Wojtek Dworakowski, SecuRing Managing Partner. Wojtek is an application security consultant with over 10 years of experience and a managing partner of SecuRing, a company dealing with application security testing and advisory. Over the last years he has been helping banks, major financial institutions, and software vendors achieve a proper level of application security, including ING, BNP, KBC, UniCredit Group, Sage, Sodexo. Member of Crisis...

Friday May 22, 2015 09:50 - 10:35
Room Forum Amsterdam RAI