Exploiting Payment Gateway Integration
null Dubai Meet 18 November 2016 November Meet
Abstract
Exploiting payment gateway integration (35 Minutes)
- Introduction (5 Min)
- Recent Security Breaches (2 Min)
  a. Root cause
- Various Approaches for Exploitation (10 Min)
  a. Price Manipulation
  b. Payment Gateway Response Manipulation
  c. Direct 'success API' attack; via referral injection
  d. Disabling Client Side (web browser level) Validations
  e. Attacking Refund APIs
  f. Header Manipulation (test server Redirect)
  g. Currency Manipulation
- Limitations of Payment Gateway Industry / Design Gaps (5 Min)
  a. Absence of CSRF tokens and S2S Validations
  b. Coupons and offers??
- How to Secure? (3 Min)
  a. Don’t RUN from PCI-DSS compliance!!
  b. Secure S2S validations and Real-time Reconciliation
- Demo (5 Min)
- Questions (5 Min)
Speaker
Timing
Starts on Friday, November 18, 2016, at 05:45 PM. The session runs for about 1 hour.