WebApp Sec mailing list archives
Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)
From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Tue, 15 Jul 2008 14:02:47 +0100
Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) By Adam Boulton, Stephen De Vries, Kevin O'Reilly, July 15, 2008 This paper draws attention to how the use of common programming APIs and practices could lead to flaws in the processing of numeric data, which could in-turn allow attackers to manipulate the outcome of transactions or otherwise interfere with the accuracy of calculations. It discusses the technical vulnerabilities typically observed in both the validation and processing of numeric data that could expose an organisation to unmanaged risk. It is intended for a technically literate audience involved in developing or testing financial applications, and to provide technical insight to those responsible for their management. The vulnerabilities are presented with source code examples, suggestions on how to identify the flaws during the testing phases and recommendations for mitigating the risk. http://research.corsaire.com/whitepapers/technical.html ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications) Martin O'Neal (Jul 15)