Security Testing Handbook for Banking Applications

Attackers are increasingly focusing their attention on the application layer; visionary banks have responded by proactively testing their entire suite of applications. It is not enough anymore to test only the public facing Internet banking application. The ease with which many attacks can be carried out now requires that all applications, including internal applications, be tested.

Security Testing Handbook for Banking Applications is a specialised guide to testing a wide range of banking applications. The book is intended as a companion to security professionals, software developers and QA professionals who work with banking applications.

The book is a manual for compliance with current and future regulatory compliance requirements; it may also be seen simply as a practical and comprehensive guide to best practice application security to support every person involved in this field.

The authors are all part of a large Application Security team at Paladion; between them they have tested over three hundred banking applications. Within this book the authors share their experiences of using a structured approach to security testing, look at the checklist used for testing, discuss different banking applications and see how these can be tested effectively.

About the Authors

Arvind Doraiswamy leads Paladions R&D team for Application Security. Arvind has tested 100+ banking applications and continuously refines the techniques used by Paladion to improve the quality of testing. He also contributes to a security testing database.

Sangita Pakala is the Project Director for the Application Security practice at Paladion. Sangita is the lead author of the OWASP Application Security FAQ, and co-author of Application Security in the ISO 27001 Environment from ITGP. She has been invited to present at the RSA Conference 2006 and ISACA Europe 2005.

Nilesh Kapoor is a Project Leader in Paladions Application Security Testing team. Nilesh has tested 30+ applications including core banking applications, RTGS and ATM systems.

Prashant Verma is a Project Leader in Paladions Application Security Testing team. Prashant has tested 30+ applications including Internet banking, fraud monitoring and teller automation applications.

Praveen Singh is a senior security engineer in Paladions Application Security Testing team. Praveen has tested 30+ applications including payment systems, debit card management systems, loan management applications and core banking applications.

Raghu Nair is a senior security engineer in Paladions Application Security Testing team. Raghu has tested 30+ applications including credit card management systems, derivatives trading applications and core banking applications.

Sangita Pakala is the Project Director for the Application Security practice at Paladion. Sangita is the lead author of the OWASP Application Security FAQ, and co-author of Application Security in the ISO 27001 Environment from ITGP. She has been invited to present at the RSA Conference 2006 and ISACA Europe 2005.

Shalini Gupta is the Project Manager for Banking and Finance at Paladion. She has tested 100+ banking applications for security in the last three years. Her team has tested 400+ banking applications for 30 banks in the last seven years.