RB system testing
RB systems testing mean the opportunities revealing for unauthorized access to information stored, processed and transmitted in the customer’s RB systems.
It helps to timely detect vulnerabilities, which exploitation may cause financial and reputational damage to the customer.
The main testing goals:
- Identify vulnerabilities, contributing to preconditions for unauthorized access to confidential data. Analyze the most probable ways of obtaining unauthorized access to data, including unauthorized changes to the data stored, processed and transmitted in the customer’s RBS systems.
- Develop the recommendations and suggestions list in order to improve the customer’s remote banking systems security.
• IInternet hacker
• IEmployee (manager)
• IEmployee (administrator)
- We recommend to test BS systems while using black and gray box methods, as well as testing mobile apps, if any. This allows to reveal a larger vulnerabilities number, including RBS system operation logic itself.
General project plan
RBS preliminary data collection.
OS types and versions, network services and RBS components determination.
Revealing vulnerabilities in the remote banking system (automated and manual methods).
Attacks simulation on the remote banking system.
Report and recommendations provision for subsequent vulnerabilities removal. Mobile apps security assessment.