The Consumer
80% of consumers have a smart phone and high-speed internet
Source: TWIMBIT
• Consolidated View of Finances
• Trusted for Impartiality
• Achieve Discrete Financial Goals
Suntrust’s Bank A/C Cash Out Method
This method will take about one week to complete. You will need the following:
1) Hacked SunTrust’s Bank account
2) An email account
Open a mint.com account and add the bank account using the
3) PayPal account
4) AccountNow account (or any internet bank account)
username/password. This will:
First off get yourself a hacked bank account from somewhere. Even though this is a small
1) Check if the account is still live
cash out amount, buy a larger balance account around $5,000. People with plenty of cash in
the bank tend to check up on it less often. You do not need to enter the actual account.
3) If needed, let you check for deposits from PayPal to connect a new account.
1) Check if the account is still live,
2) Let you see the balance of the accounts, and
3) If needed, let you check for deposits from PayPal, as well as to keep an eye on it.
Research the background of account holder and get their SSN from
ssnvalidator.com
Real names, usernames and shoe size combo was sold for USD 300
https://techcrunch.com/2019/08/03/stockx-hacked-millions-records/
Data Driven Transformation
Propelling Partnership
Monetization
#apinetworks
#openbanking
We Live in a World of Breaches!
[Figure: timeline of breaches, with dates on the slide running from Sep 2011 to Jun 2019. Organizations and products named: Github, Facebook, Quoine, Venmo, City of New York, Tchap (messaging app), Urban Massage, Nagios XI, British Airways, Uber, Binance, Portainer Docker Tool, SalesForce, Drupal’s RESTful, Girl Scouts.]
Attack / Basic Security Fails
1. Mobile Apps / 1. Authentication
2. Direct APIs / 2. Injection
3. Permissions
[Diagram labels: API, Merchant, API, Attacker]
2019 - 2020
OWASP API Top 10 2019
[Bar chart; categories on the horizontal axis:]
• Broken Authentication
• Broken Object Level Authorization
• Broken Function Level Authorization
• Lack of Resource and Rate Limits
• Security Misconfiguration
• Excessive Data Exposure
• Mass Assignment
• Improper Assets Management
• Injection
• Insufficient Logging and Monitoring
• Stolen API keys used to compromise clouds
• Unauthenticated Internal APIs led to loss of confidential data
• APIs allowed validation of stolen credentials
• Administrative API endpoint could be guessed and accessed without proper authorization
• Secure APIs equally
• Authentication & Authorization
• Validate Payload
• Rate Limit
• Lookout for Confidential Information
• Version Control
• Log and Monitor
• Encryption
• Automate
• Consumer wants to find a new application to manage funds
[Diagram labels: Data Holder; A, B, C; GW; CP]
DEVELOPERS
Measuring Success For #apinetworks
VISIBILITY, INSIGHTS & ORCHESTRATION
TELEMETRY
[Diagram, from Code to Customer: Future Service; App / Web server; Ingress controller; API gateway; Load balancer; App security; DNS; DDoS; CDN; Device fingerprint; User identity & behavior; Future services]
https://www.f5.com/solutions/banking-and-financial-services
https://www.f5.com/labs