The Online Banking Assessment is designed to assess the security posture of your Internet banking application. Our engineers will examine your Internet banking application for implementation of industry best practices and perform a technical review to exploit known vulnerabilities and configuration errors. Open Source tools will be utilized to gather information and identify potential vulnerabilities. Manual techniques will then be used to verify the reported results.
SCA will evaluate your application to ensure that it is compliant and conforms to industry best practices. Testing will include HTTP, SQL, and other application injection techniques. The team will also validate multi-factor authentication, if applicable, and perform a systems assessment to ensure that the web server has the appropriate access controls and does not allow unauthorized access.
Testing will be conducted with and without user accounts. The purpose of testing with supplied user accounts is to validate that the application is configured appropriately and does not allow the account holder to manipulate other accounts. Testing is then performed without an ID to ensure that the application cannot be “brute forced” into providing fraudulent access. The server is also tested at this time to validate that there are no known vulnerabilities and/or mis-configurations.
To assist you in securing your online banking application, the results will be evaluated and false positives will be removed. This produces a useful report that can be used to resolve problems. We will never provide a report that has been auto generated by a tool. Those reports tend to be extremely long and full of false positives. Our value is providing you with useful information that will help you protect your sensitive information NOW.
Microsoft yesterday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."
Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server. While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators.
Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.
The U.S. Attorney's Office in Houston has brought charges against four men for stealing more than $400,000 as part of an ATM skimming scam targeting local banks.
Morgan Stanley Smith Barney is the latest company behind Sony and Epsilon to have its customers' personal data compromised.
A gang that made more than $72m (£45m) peddling fake security software has been shut down in a series of raids.
