Monday, August 11, 2008

Internet Banking, IDS/IPS and Application Security

I received highly-reliable reports that two large Philippine banks' online banking system were compromised. A third bank's website got vandalized. I can't divulge the names of the banks but I'm just worried about it. One of them I have a pending application for a card that I'm thinking of just not pushing through with.

one of the banks I know have expensive and sophisticated Intrusion Prevention Systems (IPS) in place since I personally know their Information Security Officer and IS Auditors. But their "pride" took a beating at this latest problem of theirs.

I would like to point out that no amount of obscurity, Firewalls and IPS/IDS can ever compensate for a poorly designed online banking application.

Web application security is still not a hot topic here for a simple SQL injection attack can access confidential information there.

2 comments:

  1. OMG, can you PM me, i've been doing ebanking, this scares me!

    ReplyDelete
  2. freeze, nothing to worry about except your money :P the bank absorbed everything just to not anybody know about it. reputational risk :(

    ReplyDelete