Render 2016

Vulnerability Scanning of E-Payment Gateways


Course & option
Diploma in Infocomm Security Management

Project Title
Vulnerability Scanning of E-Payment Gateways

Team Members
Preshant Achuthan; Chan Kok Jing, Daryl; Cheong Jie Ning, Jacqueline; Xin Zhiyuan

Internal Supervisor
Liew Chin Chuan

Technology Used
Ruby, JavaScript, Ruby on Rails, PostgreSQL, Redis, Resque, PhantomJS, nmap, w3af

Online shopping continues to grow, driven by the connectivity and convenience that came with rapid technological advancement. Payment gateways play a crucial and central role in e-commerce. If a payment gateway is compromised, banks are held accountable to the merchant for failure to receive the correct payment funds. The security of payment gateways is therefore a major factor in ensuring that transactions are genuine. However, banks have no control over the payment gateways employed by online shopping sites, and they are concerned that a payment gateway, or even the shopping site itself, may be vulnerable and susceptible to cyber-attacks. This project explores the following problem: what can be done to help banks minimize payment processing risks stemming from vulnerabilities found in e-commerce sites and payment gateways?

The solution developed, SANTA, automates the whole process of navigating to the checkout page of an e-commerce site and detecting the various payment gateways employed by the site. SANTA then scans these payment gateways to identify any potential vulnerabilities that may be present.

Potential Opportunities
Banks can use SANTA to automate the whole process of identifying the payment gateways used by an e-merchant and checking them for any vulnerabilities present. This will greatly reduce operating costs for banks compared to running penetration tests on a regular basis.