[WEB SECURITY] Corsaire whitepaper: Breaking the Bank (Vulnerabilities in Numeric Processing within Financial Applications)

["Martin O'Neal" <martin.oneal@xxxxxxxxxxxx>]

Breaking the Bank
(Vulnerabilities in Numeric Processing within Financial Applications)

By Adam Boulton, Stephen De Vries, Kevin O'Reilly, July 15, 2008

This paper draws attention to how the use of common programming APIs and
practices could lead to flaws in the processing of numeric data, which
could in-turn allow attackers to manipulate the outcome of transactions
or otherwise interfere with the accuracy of calculations. 

It discusses the technical vulnerabilities typically observed in both
the validation and processing of numeric data that could expose an
organisation to unmanaged risk. It is intended for a technically
literate audience involved in developing or testing financial
applications, and to provide technical insight to those responsible for
their management. 

The vulnerabilities are presented with source code examples, suggestions
on how to identify the flaws during the testing phases and
recommendations for mitigating the risk.

http://research.corsaire.com/whitepapers/technical.html


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA