mailing list archives
RE: Internet based banking applications security
From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Wed, 12 May 2004 09:31:55 +0100
I'd guess that a major issue at the moment is users being fooled in to entering their details in to a nefarious web
application which looks authentic but of course is not. I'm not sure if discussion of this would be beyond the scope
of the list.
From: Amit Sharma [mailto:amit.sharma () linuxwaves com]
Sent: Wed 12/05/2004 03:39
To: webappsec () securityfocus com
Subject: Internet based banking applications security
I have been auditing a local Internet Bank's website in my area for a while now.
OWASP and this mailing list provides excellant resource for looking at web apps security from a technical
perspective; SQL injections, cross-site issues and like wise.
However, am sure there are domain specific security issues including social engineering, audit trail ones,
outsourcing control requirements etc, into core of these web applications and developing an insight would improve
security tremendously. Typical applications that now have web front end include balance inquiry, funds transfer, bill
payment, transaction information, loan application.
Any directions will be welkome.