IDRBT Workshop @ Secure Coding Practices

-

          IDRBT is conducting a short-term course on ‘Secure Coding Practices’, helmed by Dr.V.Radha.

          The duration of the fully residential program is 5 days and the next program is from January 01 to January 05, 2018.

          Background:

          The preferred access for bank customers is moving from offline mode to online mode. The numbers of bank customers accessing their bank accounts through their own devices is higher than the bank customers visiting bank branches.

          This places an enormous responsibility on Banks Information Technology team to protect the Banks digital channels from unauthorized access.

          IDRBT program on Secure Coding Practices is a step in that direction.

Banks are under stress to open APIs, develop new Applications for customers as well as employees around their core banking. Building new apps around core banking without proper understanding of OWASP top 10 security vulnerabilities like SQL Injection, Remote Code Execution etc might put the bank in higher risk zone.

Whether the bank develops the application on its own or buys it, it is advisable for the bankers to understand the OWASP vulnerabilities, how do they manifest and what are the remedial measures. For majority of the attacks, bad programming is the sole source of problem.

Security experts deploy remedial measures across the entire enterprise network stack right from Web application firewalls, to end-point security. It is like making the outer wall stronger to secure the weak inner applications. None of these solutions is needed if the programs are written with security in mind.

Core Objective of the Program:-

·       To bring awareness about  OWASP top 10.
·       Discuss and demonstrate the remedial measures;
·       Automated testing of applications;
·       Code Scanning and Code Analysis

Contents

  • ·       OWASP Top 10 – Overview

  • ·       PKI for Information Security in banking services

  • ·       SSL

  • ·       Web Application Security

  • ·       Cross Site Scripting and remedial measures

  • ·       Database Security

  • ·       SQL Injection and Remedial Measures

  • ·       Remote Code Execution – Buffer Overflow Attacks and remedial Measures

  • ·       Session Hijacking and remedial Measures

  • ·       Insecure Authentication and remedial Measures

  • ·       Insecure Data Storage and remedial measures

  • ·       Weak Encryption and remedial measures

  • ·       Testing Overview

  • ·       Automated Testing tools

  • ·       Secure Coding


OWASP is an active body advocating open standards  in the Application Security space.

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

OWASP mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

Everyone is free to participate in OWASP. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

OWASP Top 10 vulnerabilities ::
A1:2017 - Injection
A2:2017 - Broken Authentication
A3:2017 - Sensitive Data Exposure
A4:2017 - XML External Entities (XXE)
A5:2017 - Broken Access Control
A6:2017 - Security Misconfiguration
A7:2017 - Cross-Site Scripting (XSS)
A8:2017 - Insecure Deserialization
A9:2017 - Using Components with Known Vulnerabilities
A10:2017 - Insufficient Logging & Monitoring…

Comments

Post a Comment

Popular posts from this blog

CERTIFICATE EXAMINATION IN INTERNATIONAL TRADE FINANCE

-
Image
          This certification is essential for all members of a Bank Trade Finance Department.   The syllabus covers key aspects required by team members to effectively discharge their duties. Trade Finance is one of the traditional forms of bank finance in India. In view of reforms and liberalisation, this has gained a new significance.   Many of the practices in trade finance have evolved over a period of time and some are guided by Ministry of Commerce and Reserve Bank of India, besides WTO and International Chamber of Commerce through UCPDC 600. With the increase in the volume of trade both domestically and internationally, there is a need for trade finance professionals from banks as well as corporates. The Objectives of this IIBF Examination is as under:   (i) To provide candidates with competencies required to function as trade finance practitioners. (ii) To enable candidates to possess the needed skill and knowledge to understand clients' needs
Read more

IIBF-Certificate Examination in Foreign Exchange Facilities for Individuals

-
          The primary objective this IIBF course is to make the branch officials familiar with the FEMA provisions that impact their day to day functioning at the branch level.     This exam is being introduced pursuant to the recommendation of a committee of RBI.           Normally foreign exchange transactions pertaining to individuals are handled at branches only and are not referred to specialised forex cells.           The course covers ‘Foreign Exchange Facilities for individuals under FEMA1999’ RBIs FAQs’ on Forex Facilities for Residents (Individuals) (updated up to November 21, 2014) For full details refer to Reserve Bank of India website: Introduction : The legal framework for administration of foreign exchange transactions in India is provided by the Foreign Exchange Management Act, 1999. Under the Foreign Exchange Management Act, 1999 (FEMA), which came into force with effect from June 1, 2000, all transactions involving forei
Read more

IIBF introduces Self-Paced E-learning courses (SPeL) for its two certificates

-
Image
          Indian Institute of Banking Finance (IIBF) has taken a quantum leap in disseminating knowledge to its members and non-members.           IIBF in April 2019, introduced the Self-Paced E-learning courses (SPeL) concept for banking enthusiasts to be familiar with banking concepts.           In the first stage, IIBF has launched   two certificate courses i.e 1. Digital Banking and 2. Ethics in Banking.           The objective of this self-paced e-learning mode are as follows: • Participants can make the best use of his or her time, in order to meet his or her learning objectives. • Participants can access the course   anywhere/anytime with an internet connection. • Participants need not travel to give their examinations. It saves time and money of the participants. • Opportunity to individuals to obtain new certifications; improve their knowledge in the subject. • With self-paced learning, subjects can be thought in different learning styles. Part
Read more