OWASP Top 10 and Data Mining in Financial Sector#

OWASP’s list have been changed since 2004 in terms of priorities; XSS and inject flaws are on the rise. Details can be found on OWASP’s website.

2007

2004

A1 - Cross Site Scripting (XSS)

A1 - Unvalidated Input

A2 - Injection Flaws

A2 - Broken Access Control

A3 - Malicious File Execution

A3 - Broken Authentication and Session Management

A4 - Insecure Direct Object Reference

A4 - Cross Site Scripting

A5 - Cross Site Request Forgery (CSRF)

A5 - Buffer Overflow

A6 - Information Leakage and Improper Error Handling

A6 - Injection Flaws

A7 - Broken Authentication and Session Management

A7 - Improper Error Handling 

A8 - Insecure Cryptographic Storage

A8 - Insecure Storage

A9 - Insecure Communications

A9 - Application Denial of Service

A10 - Failure to Restrict URL Access

A10 - Insecure Configuration Management

 

OWASP .NET Projects
http://www.owasp.org/index.php/Category:OWASP_.NET_Project

References and Papers on Financial Data Mining

  • Mine Your Way to Combat Money Laundering
  • OFAC SDN List www.ustreas.gov/offices/enforcement/ofac/sdn/
  • FinCen www.fincen.gov/
  • FATF www.fatf-gafi.org/
  • Suspicious Activity Report
  • Keys to a Well Prepared Suspicious Activity Report
  • A framework for data mining-based anti-money laundering research
  • Profiling Behavior: The social construction of categories in the detection of financial crime; dissertation by Ana Canhoto
  • Towards a Proactive Fraud Management Framework for Financial Data Streams
  • T. Senator. "The financial crimes enforcement network AI system (FAIS)." AI Magazine 4, 1995.
  • M. Sparrow. "The State of the Fraud Control Game; and the Impact of Electronic Claims Processing on Fraud and Fraud Control." Proceedings of the International Symposium on Criminal Justice Information Systems and Technology, 1994.
  • U.S. Congress, Office of Technology Assessment (OTA). "Information Technologies for Control of Money Laundering." OTA-ITC-630. Washington, DC: U.S. Government Printing Office, September 1995.
  • Zdanowicz, J.S. (2004), "Detecting money laundering and terrorist financing via data mining", Communications of the ACM, Vol. 47 No.5
  • Watkins, R.C., Reynolds, K.M., Demara, R., Georgiopoulos, M., Gonzalez, A., Eaglin, R. (2003), "Tracking dirty proceeds: exploring data mining technologies as tools to investigate money laundering", Police Practice and Research, Vol. 4 No.2, pp.163-78.
  • Vikram, A., Chennuru, S., Rao, H.R., Upadhyaya, S. (2004), "A solution architecture for financial institutions to handle illegal activities: a neural networks approach", Proceedings of the 37th Hawaii International Conference on System Sciences-2004
  • Zhang, Z., Salerno, J.J., Yu, P.S. (2003), "Applying data mining in investigating money laundering crimes", paper presented at SIGKDD'03, Washington, DC, pp.747-52.
  • Senator, T.E., Goldberg, H.G., Wooton, J. (1995), "The financial crimes enforcement network AI system (FAIS): identifying potential money laundering from reports of large cash transactions", AI Magazine, Vol. 16 No.4, pp.21-39.
  • Tang, J., Yin, J. (2005), "Developing an intelligent data discriminating system of antimony laundering based on SVM", Proceedings of the Fourth International Conference on Machine Learning and Cybernetics. Guangzhou, pp.3453-7.
  • Kingdon, J. (2004), "AI fights money laundering", IEEE Intelligent Systems, Vol. 5/6 pp.87
  • Goldberg, H.G., Wong, R.W.H. (1998), "Restructuring transactional data for link analysis in the FinCEN AI System", Proceedings of 1998 AAAI Fall Symposium on Artificial Intelligence and Link Analysis, AAAI Press, Menlo Park, CA, .
  • Fawcett, T., Provost, F. (1997), "Adaptive fraud detection", Data Mining and Knowledge Discovery, Vol. 1 No.3, pp.291-316.




Generic | Research & Development | Security
7/20/2008 9:50:26 PM (Pacific Standard Time, UTC-08:00) #    Comments [0]  |  Trackback
Tracked by:
http://www.mynetfaves.com/tags/owasp [Pingback]

 

Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):
All content © 2008, Adnan Masood
About the Author

View Adnan Masood's profile on LinkedIn
Send mail to Adnan Masood



Adnan Masood's MCPD Transcript Logo - Microsoft Certified Professional Developer

Adnan Masood's MCTS Transcript Logo - Microsoft Certified Technology Specialist

Adnan Masood's MCSD Transcript Logo - Microsoft Certified Solution Developer Adnan Masood's MCAD Transcript Logo - Microsoft Certified Application Developer
Adnan Masood's SCJP Transcript Logo


Co-founder of the San Gabriel Valley .NET Developers Group
Member Association for Computer Machinery
Member Association for Computer Machinery special interest group on data mining and knowledge discovery

Subscribe to RSS Feed Syndicate XML

Locations of visitors to this page

On this page
Calendar
<November 2008>
SunMonTueWedThuFriSat
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456
Archives
 Full Archives By Category
October, 2008 (4)
September, 2008 (9)
August, 2008 (7)
July, 2008 (8)
June, 2008 (5)
May, 2008 (3)
April, 2008 (4)
February, 2008 (8)
January, 2008 (4)
November, 2007 (1)
October, 2007 (1)
September, 2007 (2)
August, 2007 (3)
July, 2007 (9)
June, 2007 (7)
May, 2007 (2)
April, 2007 (5)
March, 2007 (2)
February, 2007 (2)
January, 2007 (8)
December, 2006 (5)
November, 2006 (13)
October, 2006 (10)
September, 2006 (11)
August, 2006 (2)
July, 2006 (1)
June, 2006 (1)
May, 2006 (18)
April, 2006 (7)
March, 2006 (7)
February, 2006 (12)
January, 2006 (13)
December, 2005 (21)
November, 2005 (31)
October, 2005 (28)
September, 2005 (7)
August, 2005 (10)
July, 2005 (12)
June, 2005 (3)
May, 2005 (3)
March, 2005 (2)
December, 2004 (10)
November, 2004 (4)
October, 2004 (2)
September, 2004 (6)
August, 2004 (10)
July, 2004 (3)
June, 2004 (4)
May, 2004 (4)
April, 2004 (4)
March, 2004 (13)
February, 2004 (4)
Sitemap
 .Poetry
 DevConnections
 Events
 Generic
 Life
 PDC
 Research & Development
 Security
 Travel
 Web Services
Blogroll OPML
microsoft