Customers: Commerzbank AG Frankfurt am Main; Financial Services, Investments and Auditing
Contractors: Digital Security (Digital Security guard)
Product: Projects of external audit of IT and security (including PCI DSS and SUIB)
Project date: 2013/01 - 2013/02
Digital Security completed a comprehensive security assessment of the RBS system for "Commerzbank (Eurasia)", the integrator's press service reported on February 28, 2013.
Process
The contractor tested the RBS system's resistance to significant information security threats. To do this, a hacker attack on the client and server parts of the system was simulated, and the possibility of third-party exploitation of the detected vulnerabilities was checked in practice. In addition, the system underwent a standard examination to get an idea of the possible consequences of an attack from inside the bank.
The analysis procedure included checking for standard vulnerabilities and searching for new software vulnerabilities and system configuration errors (XSS, SQL injection, server-side vulnerabilities related to buffer overflows, incorrect format string handling, and others), analysis of the role model, checking the strength of user authentication and the level of event logging, and analysis of the architecture. On completion of the work, an expert risk assessment of the tested system was performed.
Result
Based on the results of the research, the auditors developed recommendations for raising the system's level of security. Implementing them allowed the bank's specialists to increase the system's reliability and its resistance to fraudulent activity.
"Despite our long-term experience in the area of security of banking applications, colleagues from Digital Security managed to point out to us new ways of reducing risk from vulnerabilities and to open up opportunities for further improvement of RBS services" — Sergey Egorov, the chief of the cybersecurity group at "Commerzbank (Eurasia)", noted.
"We thank "Commerzbank (Eurasia)" for the cooperation, and we hope that more and more Russian banks will follow the example of their Western colleagues and work on the security of their software. Questions of bank security are especially relevant in light of the latest legislative initiatives setting stricter requirements for indemnification of bank clients in case of a hacker or carder attack on them" — Ilya Medvedovsky, the director of Digital Security, emphasized.