OWASP Top 10 and Data Mining in Financial Sector

OWASP's Top 10 has been reordered since the 2004 edition: cross-site scripting and injection flaws, ranked A4 and A6 in 2004, are A1 and A2 in the 2007 list. The 2007 and 2004 lists are compared below; full descriptions of each category are on OWASP's website.



Rank  2007                                              2004
A1    Cross Site Scripting (XSS)                        Unvalidated Input
A2    Injection Flaws                                   Broken Access Control
A3    Malicious File Execution                          Broken Authentication and Session Management
A4    Insecure Direct Object Reference                  Cross Site Scripting
A5    Cross Site Request Forgery                        Buffer Overflows
A6    Information Leakage and Improper Error Handling   Injection Flaws
A7    Broken Authentication and Session Management      Improper Error Handling
A8    Insecure Cryptographic Storage                    Insecure Storage
A9    Insecure Communications                           Application Denial of Service
A10   Failure to Restrict URL Access                    Insecure Configuration Management



References and Papers on Financial Data Mining

  • Mine Your Way to Combat Money Laundering
  • OFAC SDN List www.ustreas.gov/offices/enforcement/ofac/sdn/
  • FinCEN www.fincen.gov/
  • FATF www.fatf-gafi.org/
  • Suspicious Activity Report
  • Keys to a Well Prepared Suspicious Activity Report
  • A framework for data mining-based anti-money laundering research
  • Profiling Behavior: The social construction of categories in the detection of financial crime; dissertation by Ana Canhoto
  • Towards a Proactive Fraud Management Framework for Financial Data Streams
  • M. Sparrow. "The State of the Fraud Control Game; and the Impact of Electronic Claims Processing on Fraud and Fraud Control." Proceedings of the International Symposium on Criminal Justice Information Systems and Technology, 1994.
  • U.S. Congress, Office of Technology Assessment (OTA). "Information Technologies for Control of Money Laundering." OTA-ITC-630. Washington, DC: U.S. Government Printing Office, September 1995.
  • Zdanowicz, J.S. (2004), "Detecting money laundering and terrorist financing via data mining", Communications of the ACM, Vol. 47 No.5
  • Watkins, R.C., Reynolds, K.M., Demara, R., Georgiopoulos, M., Gonzalez, A., Eaglin, R. (2003), "Tracking dirty proceeds: exploring data mining technologies as tools to investigate money laundering", Police Practice and Research, Vol. 4 No.2, pp.163-78.
  • Vikram, A., Chennuru, S., Rao, H.R., Upadhyaya, S. (2004), "A solution architecture for financial institutions to handle illegal activities: a neural networks approach", Proceedings of the 37th Hawaii International Conference on System Sciences-2004
  • Zhang, Z., Salerno, J.J., Yu, P.S. (2003), "Applying data mining in investigating money laundering crimes", paper presented at SIGKDD'03, Washington, DC, pp.747-52.
  • Senator, T.E., Goldberg, H.G., Wooton, J. (1995), "The financial crimes enforcement network AI system (FAIS): identifying potential money laundering from reports of large cash transactions", AI Magazine, Vol. 16 No.4, pp.21-39.
  • Tang, J., Yin, J. (2005), "Developing an intelligent data discriminating system of anti-money laundering based on SVM", Proceedings of the Fourth International Conference on Machine Learning and Cybernetics, Guangzhou, pp.3453-7.
  • Kingdon, J. (2004), "AI fights money laundering", IEEE Intelligent Systems, Vol. 5/6 pp.87
  • Goldberg, H.G., Wong, R.W.H. (1998), "Restructuring transactional data for link analysis in the FinCEN AI System", Proceedings of 1998 AAAI Fall Symposium on Artificial Intelligence and Link Analysis, AAAI Press, Menlo Park, CA.
  • Fawcett, T., Provost, F. (1997), "Adaptive fraud detection", Data Mining and Knowledge Discovery, Vol. 1 No.3, pp.291-316.
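The papers above describe systems (FAIS, Zdanowicz's transaction mining) that start from two baseline signals: cash deposits structured to stay below the Currency Transaction Report threshold, and counterparties that match a sanctions list such as OFAC's SDN list. The following is an added example, not code from any of the cited papers or from OWASP, showing both checks as simple rules over constructed transaction records. The transactions and the watch list are made up for the example (the names are not real SDN entries), the 10,000 USD figure is the US CTR threshold, and the 7-day aggregation window is an assumption; real screening also uses fuzzy and phonetic name matching, which is omitted here.

```python
"""Rule-based AML screening over constructed transaction records.

Two checks:
  1. Structuring: several cash deposits each below the 10,000 USD
     Currency Transaction Report threshold that together reach it
     within a short window.
  2. Sanctions screening: counterparty names matched against an
     SDN-style watch list after name normalisation.
All records and watch-list entries below are constructed for the example.
"""
from collections import defaultdict
from datetime import date, timedelta
import re
import unicodedata

CTR_THRESHOLD = 10_000.0        # USD; cash deposits at or above this trigger a CTR
STRUCTURING_WINDOW_DAYS = 7     # assumption: look-back window for aggregating deposits

# Constructed sample transactions (not real data).
TRANSACTIONS = [
    {"id": "t1", "account": "ACC-100", "date": date(2023, 3, 1), "kind": "cash_deposit", "amount": 9_500.0, "counterparty": None},
    {"id": "t2", "account": "ACC-100", "date": date(2023, 3, 2), "kind": "cash_deposit", "amount": 9_800.0, "counterparty": None},
    {"id": "t3", "account": "ACC-100", "date": date(2023, 3, 4), "kind": "cash_deposit", "amount": 9_900.0, "counterparty": None},
    {"id": "t4", "account": "ACC-200", "date": date(2023, 3, 1), "kind": "cash_deposit", "amount": 12_000.0, "counterparty": None},  # above threshold: CTR filed, not structuring
    {"id": "t5", "account": "ACC-300", "date": date(2023, 3, 1), "kind": "cash_deposit", "amount": 4_000.0, "counterparty": None},
    {"id": "t6", "account": "ACC-300", "date": date(2023, 3, 20), "kind": "cash_deposit", "amount": 4_500.0, "counterparty": None},  # outside the window
    {"id": "t7", "account": "ACC-400", "date": date(2023, 3, 5), "kind": "wire_out", "amount": 2_500.0, "counterparty": "ACME Trading Co."},
    {"id": "t8", "account": "ACC-500", "date": date(2023, 3, 6), "kind": "wire_out", "amount": 700.0, "counterparty": "Globex Import-Export, S.A."},
]

# Constructed SDN-style watch list: (name, programme). Not real entries.
WATCH_LIST = [
    ("ACME TRADING CO", "EXAMPLE-PROGRAM"),
    ("GLOBEX IMPORT EXPORT SA", "EXAMPLE-PROGRAM"),
]


def normalize_name(name: str) -> str:
    """Fold accents and case and drop punctuation and spacing so that
    'Globex Import-Export, S.A.' and 'GLOBEX IMPORT EXPORT SA' compare equal.
    Exact matching on this key is deliberately simple; production screening
    adds fuzzy and phonetic matching on top of it."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return re.sub(r"[^A-Z0-9]", "", folded.upper())


WATCH_INDEX = {normalize_name(name): programme for name, programme in WATCH_LIST}


def screen_counterparties(txns):
    """Return [(txn_id, counterparty, programme)] for transactions whose
    counterparty normalises to a watch-list entry."""
    hits = []
    for t in txns:
        counterparty = t["counterparty"]
        if counterparty is None:
            continue
        key = normalize_name(counterparty)
        if key in WATCH_INDEX:
            hits.append((t["id"], counterparty, WATCH_INDEX[key]))
    return hits


def detect_structuring(txns, threshold=CTR_THRESHOLD, window_days=STRUCTURING_WINDOW_DAYS):
    """Flag accounts with two or more sub-threshold cash deposits that, inside
    any window of `window_days` days, sum to the threshold or more.
    Returns {account: sorted list of contributing txn ids}."""
    by_account = defaultdict(list)
    for t in txns:
        if t["kind"] == "cash_deposit" and t["amount"] < threshold:
            by_account[t["account"]].append(t)

    flagged = {}
    for account, deposits in by_account.items():
        deposits.sort(key=lambda d: d["date"])
        for i, start in enumerate(deposits):
            window_end = start["date"] + timedelta(days=window_days)
            group = [d for d in deposits[i:] if d["date"] < window_end]
            if len(group) >= 2 and sum(d["amount"] for d in group) >= threshold:
                flagged[account] = sorted(d["id"] for d in group)
                break  # one hit per account is enough to raise a case
    return flagged


if __name__ == "__main__":
    for account, ids in detect_structuring(TRANSACTIONS).items():
        print(f"possible structuring on {account}: {ids}")
    for txn_id, name, programme in screen_counterparties(TRANSACTIONS):
        print(f"watch-list hit on {txn_id}: {name!r} ({programme})")
```

Both functions return candidates for analyst review rather than verdicts; in the systems the papers describe, these rule hits are the input to the link analysis and classification stages, and the analyst decides whether a Suspicious Activity Report is warranted.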