Fabrice Marie
April 21, 2005
Presentation Title: Hacking Internet Banking Applications
Presentation Details:
The general public sentiment is that the banks, having always been the guardians of our money, are expert at safeguarding it. Unfortunately, internet corporate banking and personal banking applications are usually ridden with bugs. Internet Banking Applications development is nowadays out-sourced to third party software vendors that have poor understanding of security, and incomplete quality management processes. Most of the time the applications are extremely insecure before they get audited by security professional third-parties.
This presentation will demonstrate the various attacks that almost always work (and those that do not), on your “bank-next-door” internet banking application, illustrated with real life statistics. We will outline the regular technical attacks and will focus on a hit parade of business logic attacks. We will steal money from other customers, buy shares for free, and spy on other customers bank records among many other frauds.
This demonstration will highlight the solutions to some of the challenges the banks will face online to ensure that their data handling practices are compliant with their country’s privacy regulations and banking regulations among others.
About Fabrice:
Fabrice is the manager of FMA-RMS, a small dedicated security consulting firm based in Singapore. Developer by trade for many years, he has been involved in the information security field for over 6 years. His interests are in secure programming, cryptography, open source and firewalling techniques. For the last few years he has been breaking mostly bank and telecom web applications in the Asia Pacific region, as well as performing penetration tests for them. Originally from France, Fabrice has been staying in Singapore for the last 5 years.