Penetration Testing mailing list archives
RE: Online Fraud Protection
From: "Craig Wright" <cwright () bdosyd com au>
Date: Tue, 27 Jun 2006 11:49:39 +1000
Hello,

Online fraud detection and prevention is not the same as information systems security. Different technologies, different processes and they have some small overlap in controls - but this is all. The use of CAATs to analyse data is far more important in this than any standard IS security measures.

Next, this is far from a "pen-test list" question. There are completely different and unrelated skills involved with breaking into systems and with designing a data analysis technique.

Fraud prevention systems require that an analysis of the data and transaction is completed. This involves statistical analysis of the data. Data mining techniques are commonly employed and the use of Bayesian probability networks is common.

None of the above is included in anything a pen-tester does.

Regards,
Craig

-----Original Message-----
From: Umut Inetas [mailto:inetasumut () yahoo com]
Sent: Friday, 23 June 2006 4:06 PM
To: pen-test () securityfocus com
Subject: Online Fraud Protection

Hi All;

I've been reading e-mails on this site for a couple of years and it helped me so much, thanks to all the people who keep these lists alive.

Now I'm working for a banking comp. and we are planning deployment of anti-phishing and anti-fraud services for our company. The specified needs are:

Scanning and reporting DNS domain names, e-mail content, brands in web sites, company names and SSL certificates which are fraud or not.
Taking precautions for fraud and phishing sites.

We are going to advance MS new operating system (Vista) and IE7 in the near future and we have Microsoft as a partner; we will need reporting to Microsoft for Microsoft's anti-phishing add-on filter or IE7's integrated anti-phishing filter to prevent people accessing detected fraud sites automatically.

There are some vendors which proposed us some solutions but we haven't decided yet. As you are IT security pros, what is your advice about this case? Have you ever tested, pen-tested or experienced this kind of anti-fraud services?
Thanks in advance...