Forum Thread: Do you think that the supposedly secure financial sites are really safe?

Hello everyone.
My question to all who know sqlmap: is it able to penetrate the databases of financial systems?

Do you think that banking systems are sophisticated enough against SQL injections (even the blind type) to protect against the sqlmap tool?

Thank you for informing me. I'm really worried because I have an online bank account, and I know the sqlmap tool a little, but I wonder if the so-called secure sites (the sites of financial institutions, for example) are really protected against this sqlmap tool?

Thank you for informing me.

3 Responses

Nothing is entirely secure; that's the point of Null Byte.

With that being said, I can assure you that financial institutions take every available precaution to ensure high levels of security. For instance, the Commonwealth Bank of Australia have dedicated security staff monitoring every transaction, they work closely with the federal police, and will also block suspicious transactions until they can ensure the legitimacy of them.

They use Extended Validation certificates through VeriSign with 128-bit SSL encrypted sessions, and employ regular independent security auditors who check everything from architecture and firewall configurations to web server and application security.

And these are just a few examples of what they do for security. I only mention these things not only to point out the lengths they go to, but to show you that even through all of these precautions, it can be breached, as was demonstrated recently in OTW's Hack of the Century thread.

Nothing is entirely secure.

EDIT: To answer your question though, yes. I do believe financial institutions are safe, to a very high degree.

ghost_

Nicely stated.

High-profile targets such as financial institutions tend to deploy defense mechanisms that can detect and stop automated attacks like sqlmap. That's not to say there may not be SQLi vulnerabilities in these targets, and that once these vulnerabilities are discovered that sqlmap's advanced settings couldn't be used to exploit them. It's just to say that it's highly more likely to take very skilled person(s) a significant amount of time, financial backing and manual skill with SQLi to discover and exploit them. Although not much would surprise me anymore.
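
The automated-attack detection mentioned in the last reply, as an added example that is not part of the original thread: a sketch that flags sources in access-log lines either by a scanning-tool User-Agent or by a burst of injection-looking query strings from one address. The log format, sample lines, patterns and thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote_plus

# Constructed sample lines in an assumed format: ip [ISO time] "request" status "user-agent"
SAMPLE_LOG = """\
203.0.113.7 [2024-03-10T10:00:01+00:00] "GET /account?id=1%27%20AND%201=1--%20 HTTP/1.1" 200 "sqlmap/1.x#stable (https://sqlmap.org)"
203.0.113.9 [2024-03-10T10:00:02+00:00] "GET /account?id=1%20AND%201=1 HTTP/1.1" 200 "Mozilla/5.0"
203.0.113.9 [2024-03-10T10:00:03+00:00] "GET /account?id=1%20UNION%20SELECT%20NULL HTTP/1.1" 500 "Mozilla/5.0"
203.0.113.9 [2024-03-10T10:00:04+00:00] "GET /account?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 "Mozilla/5.0"
198.51.100.4 [2024-03-10T10:00:05+00:00] "GET /search?q=union+select+committee HTTP/1.1" 200 "Mozilla/5.0"
198.51.100.4 [2024-03-10T10:00:06+00:00] "GET /account?id=42 HTTP/1.1" 200 "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} "([^"]*)"$')
# Deliberately coarse patterns: one match alone is weak evidence, so hits are rate-counted.
SQLI_RE = re.compile(r"(?i)\bunion\b.+\bselect\b|\bsleep\s*\(|\b(?:and|or)\s+\d+\s*=\s*\d+|'|--")

def flag_sources(log_text, window_s=10, threshold=3):
    """Return {ip: [reasons]} for sources that look like automated SQLi scanning."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> timestamps of suspicious requests in the window
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that do not fit the assumed format
        ip, ts, target, agent = m.groups()
        when = datetime.fromisoformat(ts)
        if "sqlmap" in agent.lower():
            flagged[ip].add("tool-user-agent")   # default UA; trivially changed, so not sufficient
        query = unquote_plus(target.partition("?")[2])
        if SQLI_RE.search(query):
            hits = recent[ip]
            hits.append(when)
            while when - hits[0] > window:       # drop hits older than the window
                hits.popleft()
            if len(hits) >= threshold:
                flagged[ip].add("sqli-burst")
    return {ip: sorted(reasons) for ip, reasons in flagged.items()}

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))
```

The single search for "union select committee" from 198.51.100.4 matches a pattern but stays under the threshold, which is why the burst rule counts hits per source instead of blocking on one match.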
