Security Testing Handbook for Banking Applications

Book description

Security Testing Handbook for Banking Applications is a specialised guide to testing a wide range of banking applications. The book is intended as a companion for security professionals, software developers and QA professionals who work with banking applications.

Table of contents

  1. Foreword
  2. About the Authors
  3. Introduction
    1. The threat landscape
    2. Defences employed
    3. Goal of the book
  4. Chapter 1: Approach to Security Testing
    1. Preparing the threat profile
    2. Preparing the test plan
  5. Chapter 2: Basic Tests and Techniques
    1. SQL injection
    2. Cross-site scripting (XSS)
    3. Cross-site request forgery (CSRF)
    4. Directory brute forcing/Searching for defaults
    5. Weak authorisations
    6. Weak session management
    7. Sensitive data in browser cache
    8. Over-reliance on client-side validation
    9. Unencrypted traffic
    10. Unhardened database
    11. Weak password policies
    12. Poor error-handling mechanisms
  6. Chapter 3: The Tools of the Trade
    1. Web applications
    2. Thick-client applications
    3. Terminal services applications
    4. Intercepting Java applets
    5. Embedded application
    6. Web services application
    7. Mobile applications
  7. Chapter 4: Security Testing Repository
    1. Generic threat profile and test plan
    2. Core banking
    3. Internet banking
    4. Web trading
    5. Derivatives trading
    6. Credit card payment management applications
    7. Debit card management system
    8. Mutual funds management
    9. Loan management application
    10. Cheque management application
    11. Overdraft calculator application
    12. Adjustments and waivers application
    13. Online remittance application
    14. Account opening tracker
    15. Back-office trading application
    16. Electronic payment switch
    17. Cash depositor
    18. Teller automation machines
    19. ATM reconciler application
    20. Balance viewer terminals
    21. Customer care centre application
    22. Interactive voice response system
    23. Fraud detection software
  8. Chapter 5: Emerging Trends
    1. Emerging landscape of applications
    2. New attacks on the horizon
  9. ITG Resources
    1. Pocket Guides
    2. Toolkits
    3. Best Practice Reports
    4. Training and Consultancy
    5. Newsletter

Product information

  • Title: Security Testing Handbook for Banking Applications
  • Author(s): Arvind Doraiswamy, Sangita Pakala, Nilesh Kapoor, Prashant Verma, Praveen Singh, Raghu Nair, Shalini Gupta
  • Release date: February 2009
  • Publisher(s): IT Governance Publishing
  • ISBN: 9781905356829