Security Testing of an Online Banking Service

  • Andra L. M. dos Santos
  • Giovanni Vigna
  • Richard A. Kemmerer
Part of the Advances in Information Security book series (ADIS, volume 2)


Online banking and electronic commerce have become an everyday reality for millions of users. Almost every large banking institution offers services such as account management, fund transfers, automatic payments, and investments through the Internet. The quality of the provided services has become a driving factor in user selection of a banking institution. Given the critical nature of the services provided, banks and financial institutions are investing substantial resources in the implementation of sophisticated financial applications that are appealing to the end-user. In the design and implementation of these applications, developers face a trade-off between user-friendliness and security.


Keywords: Control Digit; Branch Number; Account Number; Security Test; Online Banking
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer Science+Business Media New York 2001

Authors and Affiliations

  • Andra L. M. dos Santos (1)
  • Giovanni Vigna (1)
  • Richard A. Kemmerer (1)
  1. Reliable Software Group, Department of Computer Science, University of California, Santa Barbara
