Pólo Zero Passeio dos Clérigos, Rua São Filipe de Nery, nº 87 - Porto
As the number of tech companies grow in our ecosystem, and security becomes more and more sensitive for any digital company, internet banking is an issue to address.
This event will be divided in two parts:
1) Masterclass: Internet banking applications’ security, with Wojtek Dworakowski
2) Discussion Panel: Internet Banking Challenges Ahead - current and future threats
Moderated by: Pedro Fortuna, Jscrambler
Panelists:
- Wojtek Dworakowski, SecuRing
- Liliana Vilela, Natixis
- Jorge Pinto, BPI
---
THE MASTERCLASS:
All internet banking applications are different but all of them share many common security features which are very specific to this domain of web and mobile applications. It is not very rare that these safeguards are incorrectly implemented leaving the internet banking application vulnerable.
In this sessions, multiple case studies and attack scenarios characteristic to internet banking will be addressed. Common vulnerabilities will be addressed and recommendations on how to properly implement security features will be provided.
Among others, transaction authorization, limits, notifications, authorization schemes, trusted recipients, two-factor authentication will be discussed. Recent challenges like PSD2 and API access to banking systems will be covered. The agenda will include:
Security features of contemporary internet banking.
Examples of vulnerabilities in implementation of these safeguards (logical and technical flaws) and recommendations.
Upcoming changes due to PSD2 implementation (Payment Initiation Services, Account Information Services, Strong Customer Authentication)
---
DISCUSSION PANEL:
In this discussion panel, we will explore how threats to Internet banking have evolved in the last couple of years, what banks are doing to address them and what they are lacking in order to effectively mitigate them. With the help of the panelists and the attendees, we'll try to answer questions such as:
What has changed in the last couple of years? Are changes in the economics of malware promoting changes in how attacks are being perpetrated? What are the new types of attacks?
Is the threat landscape changing due to recent European regulation like the PSD2 or even the GDPR?
We'll delve on the challenges in adopting these regulations from a security point of view, but also from an organizational perspective.
Are banks are embracing Responsible Disclosure as a way to scale their application security efforts and reduce the risk of compromises? Should they? What about (private) bug bounties?
---
AGENDA:
10h-11h20 - Masterclass: Internet banking applications’ security with Wojtek Dworakowski
11h20-11h40 - Coffee Break
11h40-13h - Discussion Panel: Internet Banking Challenges Ahead - current and future threats
Recomendamos que confirme toda a informação junto do promotor oficial deste evento. Por favor contacte-nos se detectar que existe alguma informação incorrecta.
