NOV. 3 – 8, 2019
POTSDAM, GERMANY

EUROPE'S GREATEST AGILE SOFTWARE TESTING FESTIVAL!

The security issue that killed a financial product launch

That was missed by the professional penetration testers and security 'experts'.

Security issues can be identified using the stock-in-trade critical thinking skills of a tester.

Some time ago I had the pleasure of taking part in a security bug hunt for a new financial product. This was a product ready to go to market, a product that had passed all penetration tests and was now being handed to a crowd of external testers for a final attempt to 'hack' the product.

Against all their confidence I was able to 'hack' that product and use funds to which I should not have had access. However, once I reported the vulnerability, I wasn't believed and I was asked to repeat the 'hack' multiple times until the 'experts' believed I was achieving what I was reporting - they simply couldn't believe that their penetration test result was wrong.

Like many security talks, I will tell you all about the tool I used to perform this 'hack'; unlike many security talks, this is not a tool you can install, rent or purchase - because it's my brain, but your brain is capable of doing the same.

 


More Related Sessions


Full-Day Tutorial (6-hour Workshop)

9:00-17:00

When Data Becomes Code

Equipment required

30-minute Talk

11:55-12:25 Room F3 - Track 3: Talks

HACKING - BRIDGING THE GAP & GOING BEYOND TO FIGHT BLACK-HAT

Equipment required
