Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Code Review for Critical Application e.g Internet banking

from [Andrew Chong] Network Security [Permanent Link]
Subject: RE: Code Review for Critical Application e.g Internet banking
Date: Fri, 21 Jul 2006 22:44:50 +0800 

http://www.owasp.org/

Regards,

Andrew Chong (Singapore), cissp

-----Original Message-----
From: John Greiter [mailto:irm@iinet.net.au] 
Sent: Friday, July 21, 2006 9:11 PM
To: webappsec@securityfocus.com
Subject: Code Review for Critical Application e.g Internet banking



Guys, 
 
I am thinking whether I can get a sample code or maybe a framework that
demonstrate the following:
- Authenticate user 
- How to move around between pages securely
- Idle period (automatic log off), etc
 
I am also looking for a baseline that describes the minimum or the
standard requirement for critical web application e.g. Internet Banking.
For instance I noticed that in most of the internet banking, the user is
required to enter the password by clicking the button in the sites, I
guess the reason to do such thing is to prevent key logger attack. 
 
Does anyone know where I can get such things? 
 
Thanks,
 
GG

------------------------------------------------------------------------
-
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing, 
Advanced Automated Capabilities for Penetration Testers, PCI Compliance 
Reporting, Token Analysis, Authentication testing, Automated JavaScript 
execution and much more. 
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
------------------------------------------------------------------------
-

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.3/394 - Release Date:
7/20/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.3/394 - Release Date:
7/20/2006
 


-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan 6.5 is now available! New features for Web Services Testing, 
Advanced Automated Capabilities for Penetration Testers, PCI Compliance 
Reporting, Token Analysis, Authentication testing, Automated JavaScript 
execution and much more. 
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=70150000000CYkc
-------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Code Review for Critical Application e.g Internet banking, John Greiter
Next by Date:  Re: Cookies as the second factor, Peter Watkins
Previous by Thread:  Code Review for Critical Application e.g Internet banking, John Greiter
Next by Thread:  Re: Code Review for Critical Application e.g Internet banking, mike
Indexes:  [Date] [Thread] [Top] [All Lists]