WebApp Sec mailing list archives

RE: Internet based banking applications security


From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Wed, 12 May 2004 09:31:55 +0100

I'd guess that a major issue at the moment is users being fooled into entering their details into a nefarious web application which looks authentic but of course is not.  I'm not sure if discussion of this would be beyond the scope of the list.
 
Ian

        -----Original Message----- 
        From: Amit Sharma [mailto:amit.sharma () linuxwaves com] 
        Sent: Wed 12/05/2004 03:39 
        To: webappsec () securityfocus com 
        Cc: 
        Subject: Internet based banking applications security

        Hi List,
        
        I have been auditing a local Internet Bank's website in my area for a while now.
        OWASP and this mailing list provide an excellent resource for looking at web apps security from a technical perspective; SQL injections, cross-site issues and likewise.
        
        However, I am sure there are domain-specific security issues, including social engineering, audit trail ones, outsourcing control requirements etc., in the core of these web applications, and developing an insight would improve security tremendously. Typical applications that now have a web front end include balance inquiry, funds transfer, bill payment, transaction information, loan application.
        
        Any directions will be welcome.
        
        Gracias,
        Amit
        

