
Security Testing Handbook for Banking Applications

Authors: Arvind Doraiswamy, Sangita Pakala, Nilesh Kapoor
Language: English. Paperback – 31 January 2009
Attackers are increasingly focusing their attention on the application layer; visionary banks have responded by proactively testing their entire suite of applications. It is no longer enough to test only the public-facing Internet banking application. The ease with which many attacks can now be carried out requires that all applications, including internal applications, be tested. Security Testing Handbook for Banking Applications is a specialised guide to testing a wide range of banking applications. The book is intended as a companion to security professionals, software developers and QA professionals who work with banking applications. The book is a manual for compliance with current and future regulatory requirements; it may also be seen simply as a practical and comprehensive guide to best-practice application security to support every person involved in this field. The authors are all part of a large Application Security team at Paladion; between them they have tested over three hundred banking applications. Within this book the authors share their experiences of using a structured approach to security testing, look at the checklist used for testing, discuss different banking applications and see how these can be tested effectively.

Price: 37261 lei

New

Express points: 559

Estimated price in foreign currency:
7132 7433$ 5937£

Print-on-demand book

Economy delivery 03-09 January 25

Order line: 021 569.72.76

Specifications

ISBN-13: 9781905356829
ISBN-10: 190535682X
Pages: 200
Dimensions: 140 x 216 x 12 mm
Weight: 0.26 kg
Publisher: It Governance Ltd
Place of publication: United Kingdom

Contents

Introduction
  The threat landscape
  Defences employed
  Goal of the book
Chapter 1: Approach to Security Testing
  Preparing the threat profile
  Preparing the test plan
Chapter 2: Basic Tests and Techniques
  SQL injection
  Cross-site scripting (XSS)
  Cross-site request forgery (CSRF)
  Directory brute forcing/Searching for defaults
  Weak authorisations
  Weak session management
  Sensitive data in browser cache
  Over-reliance on client-side validation
  Unencrypted traffic
  Unhardened database
  Weak password policies
  Poor error-handling mechanisms
Chapter 3: The Tools of the Trade
  Web applications
  Thick-client applications
  Terminal services applications
  Intercepting Java applets
  Embedded application
  Web services application
  Mobile applications
Chapter 4: Security Testing Repository
  Generic threat profile and test plan
  Core banking
  Internet banking
  Web trading
  Derivatives trading
  Credit card payment management applications
  Debit card management system
  Mutual funds management
  Loan management application
  Cheque management application
  Overdraft calculator application
  Adjustments and waivers application
  Online remittance application
  Account opening tracker
  Back-office trading application
  Electronic payment switch
  Cash depositor
  Teller automation machines
  ATM reconciler application
  Balance viewer terminals
  Customer care centre application
  Interactive voice response system
  Fraud detection software
Chapter 5: Emerging Trends
  Emerging landscape of applications
  New attacks on the horizon
ITG Resources