Integrating with fiat payment systems globally challenges the maturity of an entire security program. A security issue can lead to identity theft and direct money loss, yet integration is often a critical business priority. These payment systems span many types of architectures, introducing more complexity and bugs. We’ll go over the typical API patterns, follow the lifecycle of an entire payment from pre-payment to reconciliation, and map common payments vulnerabilities and their remediation to their application security equivalents. We’ll go over how Coinbase has adapted traditional AppSec tools like third-party vendor reviews, threat modelling, static analysis, security champions, and bug bounties to the payments world to find and eliminate money-loss and personal-data-loss bugs. We’ll even go through some of the privacy conundrums involved in interacting with the current financial system.
I currently work on the Application Security team at Coinbase, where I work on securing our payments infrastructure along with maintaining Salus, Coinbase's security scanning orchestration tool.