Exploiting payment gateway integration (35 Minutes)

  1. Introduction (5 Min)
  2. Recent Security Breaches (2 Min) a. Root cause
  3. Various Approaches for Exploitation (10 Min) a. Price Manipulation b. Payment Gateway Response Manipulation c. Direct 'success API' attack; via referral injection d. Disabling Client Side (web browser level) Validations e. Attacking Refund API's f. Header Manipulation (test server Redirect) g. Currency Manipulation
  4. Limitations of Payment Gateway Industry/ Design Gaps (5 Min) a. Absence of CSRF tokens and S2S Validations b. Coupons and offers??
  5. How to Secure? (3 Min) a. Don’t RUN from PCI-DSS compliance!! b. Secure S2S validations and Real-time Reconciliation
  6. Demo (5 Min)
  7. Questions (5 Min)




Starts at Friday November 18 2016, 05:45 PM. The sessions runs for about 1 hour.