Forum Thread: Do you think that the supposed secure financial sites are really safe ???

Nothing is entirely secure; that's the point of Null Byte.

With that being said, I can assure you that financial institutions take every available precaution to ensure high levels of security. For instance, the Commonwealth Bank of Australia have dedicated security staff monitoring every transaction, they work closely with the federal police, and will also block suspicious transactions until they can ensure the legitimacy of them.

They use Extended Validation certificates through VeriSign with 128-bit SSL encrypted sessions; and employ regular independent security auditors who check everything from architecture and firewall configurations to web server and applications security.

And these are just a few examples of what they do for security, I only mention these things to not only point out the lengths they go, but to show you that even through all of these precautions, it can be breached. As was demonstrated recently in OTW's Hack of the Century thread.

Nothing is entirely secure.

EDIT: To answer your question though, yes. I do believe financial institutions are safe, to a very high degree.

ghost_

Nicely stated.

High profile targets such as financial institutions tend to deploy defense mechanisms that can detect and stop automated attacks like sqlmap. Thats not to say there may not be sqli vulnerabilities in these targets, and that once these vulnerabilities are discoverd that sqlmap's advanced settings couldn't be used to exploit them. It's just to say that it's highly more likely to take very skilled person(s) a significant amount of time, financial backing and manual skill with sqli to discover and exploit them. Although not much would surprise me anymore.

What he said