A specialised guide to testing a wide range of banking applications!
This book shows you the steps that banks have to take to defend the security of their banking applications. It describes the most important penetration tests that security professionals carry out to make sure that banking applications are properly protected.
This guide explains the best overall strategy for banks to employ so as to counter the various threats, as well as the main testing tools employed by application security professionals. The authors combine expert technical knowledge of the subject with a solid grasp of the needs of the industry. They provide valuable, practical advice on what to do to counter the threat of cybercrime. If you are in banking or financial services, or involved in e-commerce in general, this is the book to get you up to speed on many of the key issues relating to compliance and information security best practice.
Benefits to business include:
- Understanding the problem
You need to understand the function of the application before you can appreciate where and how it is vulnerable to cybercrime.
- Understanding the threat
Once you understand the nature of the threat you are facing, you will be in a better position to counter it. This book will show you how to create an exhaustive threat profile for any given application.
- Defending your assets
The authors are information security experts, and they will give you invaluable advice on what you can do to protect your financial information. Simple steps, like clearing caches of sensitive data and exercising caution when downloading material, can make a real difference.
When the criminal fraternity has been honing its computer skills, how should you respond?
Bank robbery is changing. Criminals will always target banks, simply because banks have so much wealth in their keeping. However, in the twenty-first century the facemask and the sawn-off shotgun have begun to look old-fashioned. Criminals understand the importance of adapting to new technology. Like newspapers, travel agents and booksellers, thieves have now gone online.
Thieves go digital
What criminals bring to the digital world is the same patience and cunning that they have traditionally applied to the task of picking a lock, cracking a safe, or forging a banknote. For the banking industry, this is a serious headache, because digital applications, such as core banking, the debit card management system, and Internet banking, are now at the heart of how the banks deal with their customers. Enabling people to do more for themselves has allowed the banks to cut costs, as well as to make dramatic improvements in customer service. It is thanks to these applications that the customer experiences fewer queues and less hassle. So, if you are on holiday abroad, you can now withdraw cash in the local currency from an ATM using your debit card. Online banking makes it easier to pay bills, transfer funds, and even play the stock market. The clearing banks have recently begun to offer banking by mobile phone. However, the banks can only deliver these improvements if their customers know that their money is secure.
The new threats
In line with the constant progress and innovation shown by the banking sector, cybercrime has become increasingly sophisticated in its own right. Where once the opportunities to steal from a bank account were restricted to forging a cheque or skimming credit card details, today’s criminal can access your bank account by taking the digital route. Applications are attractive to criminals because, unless effectively protected, the criminal can use them to access the bank’s cash through a single account holder. The methods used by the cybercriminal now involve much more than merely trying to guess passwords through “brute force” or “dictionary” attacks. Phishing and pharming scams use a fake email address, or create a fake web page, in order to con you into providing the thief with your bank details and password. Criminals will attempt to trick bank customers into downloading malicious software containing a keylogging program that will then be used to steal their information and passwords. The criminal may also attempt to access the bank’s entire account holder database through one individual customer account using a structured query language (SQL) injection.
Find out what you need to do to make your company financially secure online ... Buy this book today!
About the authors
The authors are members of the Application Security Team at Paladion, a consultancy based in Bangalore and Mumbai. One of the services in which Paladion specialises is assisting financial institutions in developing robust and effective systems of security management. Paladion carries out application security testing and, in the course of their work, the authors have tested a combined total of over a thousand banking applications.
Authors: Arvind Doraiswamy, Sangita Pakala, Nilesh Kapoor, Prashant Verma, Praveen Singh, Raghu Nair and Shalini Gupta
Publisher: IT Governance Publishing
ISBN: 9781905356836
Pages: 195
Format: eBook
Published Date: 19 February 2009
Availability: Always Available
