Noor Alhomeed

Cyber Threat Intelligence Analyst, Master's Student
King Fahd University of Petroleum and Minerals (KFUPM)
MSc at KFUPM | Security researcher | CMPen | CRTA | CRTP | eMAPT | HTB CBBH | CTIA | eWPTX | CySA+ | eCPPTv2 | eWPT | eJPT

Speaker sessions

Exploiting Payment Workflows in Mobile Application: A Generalized Attack Surface

Mobile payment workflows consist of a sequence of client-server interactions that manage critical operations like initiating payments, verifying transactions, confirming success, and managing refunds. When these workflows are not securely designed and enforced, attackers can exploit various weak points to manipulate payments, bypass verifications, or achieve unauthorized actions.

This session explores the possible attack scenarios of mobile payment processes, extending beyond the usual vulnerabilities. We will dissect common flaws in session management, API communication, transaction state handling, and business logic that can be leveraged to compromise payment integrity.

Through practical demonstrations and methodology breakdowns, this session will showcase how attackers systematically identify and exploit weaknesses in mobile payment processes. We will also discuss effective defense strategies, from server-side validations and idempotency controls to secure session lifecycle management and anomaly detection.

13:40, Thu, 04 Dec
Stage: Briefings 1
Session Type: Presentation