Online Banking Assessment (OBA)
CastleGarde’s Online Banking Assessment centers on the Federal Financial Institutions Examination Council (FFIEC) guidance on Authentication and Access to Financial Institution Services and Systems, along with NCUA regulatory guidance and risk management. The assessment focuses specifically on the Online Banking application (Internet Banking), using client-supplied application credentials (White Box Testing) to gain access and test the application for vulnerabilities.
The assessment specifically tests the ability to perform functions that the system should not allow:
- Being able to view transaction history for a different account than the one you signed into
- Being able to transfer funds into the account you are signed into from some other non-related account
- Test the session security to see if it can be modified to gain access to other accounts
- Attempt to perform any function that would not normally be available to a user
Evaluation of the administration and end-user access of the online banking application platform:
- Identification of threat landscape
- Risk assessments
- Layered security and multifactor authentication
- Monitoring, logging and reporting
- Call center and IT help desk authentication
- Data aggregators and other CPEs (Customer Permissioned Entities)
- User (customer/member) awareness and education
- User (customer/member) identity verification
- Privileged user (administrative) access controls