How to Rob an Online Bank (and get away with it) - Acros Security

More documents

Recommendations

Info

SQL Injection – Messing With Transactions”BEGIN TRANSACTION””UPDATE accounts SET balance = 0WHERE account_id = ’123’””UPDATE accounts SET balance = 100WHERE account_id = ’456’””COMMIT TRANSACTION”30
SQL Injection – Messing With Transactions”BEGIN TRANSACTION””UPDATE accounts SET balance = 0WHERE account_id = ’123’””UPDATE accounts SET balance = 100WHERE account_id = ’456’ ORaccount_id = ’123’””COMMIT TRANSACTION”31
Page 4 and 5: Evolution Of E-banking AttacksPAST-
Page 6 and 7: Attacks Against Corporate UsersGoal
Page 8 and 9: Example: Published Corporate Certif
Page 10 and 11: Direct ResourceAccess10
Page 12: Direct Resource Access - URL Base64
Page 15 and 16: Transaction Creation ProcessI want
Page 17 and 18: Negative Numbers - A Devastating Ov
Page 19 and 20: Creating Money Out Of Thin AirNorma
Page 21 and 22: Normal OverdraftAccount #1:Account
Page 23 and 24: Luca Carettoni & Stefano di Paolaht
Page 25 and 26: HTTP Parameter Pollution(Source Acc
Page 27 and 28: SQL Injection27
Page 29: SQL Injection - Messing With Transa
Page 33 and 34: Automated Signing Of Deposit Agreem
Page 35 and 36: Server-Side Code ExecutionExamples
Page 37 and 38: Other Attacks• Session Puzzling
Page 40 and 41: Knownat leastsince2001Asymmetric Cu
Page 43 and 44: http://blog.acrossecurity.com/2012/
Page 45 and 46: Apply45
Page 47 and 48: Apply: Bankers - Long Term• “Ph
Page 49: Mitja KolsekACROS d.o.o.www.acrosse

How to Rob an Online Bank (and get away with it) - Acros Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?