OWASP Scotland Virtual Chapter Meeting - May
Date and time
Description
Participants are limited for this virtual meetup and sign-in details will be provided closer to the time.
Talks:
STÖK - @stokfredrik, youtube.com/stokfredrik
Bounty curious? How to win at bug bounties in 2020 (and stay sane)
STÖK will be providing us insight into how to approach bug bounties as a hobby in 2020, what tools most people use, why you need automation, understanding depth vs. breadth, fuzzing vs code review; and how to stay sane whilst competing against 700,000 other hackers.
Margus Lind & Daniela Schoeffmann, Context IS
Abstract
Open Banking is the UK implementation for PSD2. On top of the PSD2 regulations, Open Banking provides a detailed specification for banks and third parties to follow when communicating with one another. This allows companies (TPPs) to build their applications and integrate with online services exposed by any bank (ASPSP) in a standardised way.
With an increasing number of banks using APIs to share data, Open Banking promises better business opportunities and more robust security for customers and banks. However, implementation of publicly accessible APIs and introduction of new security models create a myriad of challenges. This makes for a wider attack surface and puts data in the hands of more companies (third party providers) who have differing approaches to customer data protection. In this talk we will cover a brief introduction to Open Banking, our experiences with testing implementations of Open Banking, as well as the technical and project management challenges we have overcome along the way. We will demonstrate the technical complexities encountered, and share some interesting discoveries made during the engagements.