A guideline for penetration testers to assess ecommerce and financial services applications.
This document summarises NCC Group’s experience of assessing ecommerce and financial services applications, providing a checklist of common security issues seen in financial services web applications.
In NCC Group’s experience, one of the best ways to identify business logic and application-specific security issues early in the development lifecycle is to write down all the rules (dos and don’ts) for both the business processes and the supporting software and systems. These rules can then be used to create a threat model.
Update to version 1.1: 29 January 2016
Update to version 2.0: 10/04/2019
Further resources:
Research Insights: Volume 1 – Sector Focus: Financial Services