The security issue that killed a financial product launch

That was missed by the professional penetration testers and security 'experts'.

Security issues can be identified using the stock-in-trade critical thinking skills of a tester.

Some time ago I had the pleasure of taking part in a security bug hunt for a new financial product. This was a product ready to go to market, a product that had passed all penetration tests and was now being handed to a crowd of external testers for a final attempt to 'hack' the product.

Against all their confidence I was able to 'hack' that product and use funds to which I should not have had access. However, once I reported the vulnerability, I wasn't believed and I was asked to repeat the 'hack' multiple times until the 'experts' believed I was achieving what I was reporting - they simply couldn't believe that their penetration test result was wrong.

Like many security talks, I will tell you all about the tool I used to perform this 'hack'; unlike many security talks, this is not a tool you can install, rent or purchase - because it's my brain, but your brain is capable of doing the same.

 


Related Sessions



30-min New Voice Talk

10:25-10:55 Room F1 - Track 1: Talks

Security Awareness "The Hackers Eyes"

Equipment required

30-minute Talk

11:55-12:25 Room F3 - Track 3: Talks

HACKING - BRIDGING THE GAP & GOING BEYOND TO FIGHT BLACK-HAT

Equipment required

Full-Day Tutorial (6-hour Workshop)

9:00-17:00

When Data Becomes Code

Equipment required

Full-Day Tutorial (6-hour Workshop)

9:00-17:00

Web Application Security

Equipment required

If you like the Agile Testing Days Conference you might also like: