Biz Builder Mike

You can't sail Today's boat on Yesterdays wind - Michael Noel

integration

By 2022, Most Payments will Migrate to ISO 20022, a Standard for Electronic Data Interchange between Financial Institutions, According to Payment Components

The team at Payment Components, a UK-based firm that’s empowering Open Banking with agile PSD2 and API frameworks (developing solutions for banks, corporates, and developers including BaaS while supporting Fintech payments), notes that with the introduction of new regulations and payment systems, managing a bank’s payment infrastructure is “becoming increasingly complex.”

Bank institutions have to integrate with new acquisitions, localize their proprietary technology stacks to the countries they move to, while also having to keep up with standard payment integrations. If banking platforms don’t complete these tasks, then their payments messaging “becomes siloed and causes system delays, errors, and increased costs,” according to Payment Components.

The Payment Components team asks how smaller banks and e-money institutions can “efficiently keep up with the constant stream of new releases?” The Fintech firm states that it has created a solution that lets banks manage all their payment flows “within the same system.”

The company explains:

“Each country has its own domestic payment service and each bank and group may have its own messaging system. So far, the dominant messaging standard used for the last decades has been SWIFT MT. But this international standard has reached its limits as the industry needed a messaging protocol able to carry more data and requiring fewer manual intervention.”

They added:

“The demand for instant payments is growing. In the UK, the use of Faster Payments has seen an increase with double digits quarter on quarter. And growth is similar all over the world.” 

Big Four auditing firm Deloitte reveals that real-time payments have helped with increasing and providing easier access to working capital. They’ve also improved the efficiency of the financial system by enhancing financial inclusion, while lowering the overall cost of payment systems. According to Payment Components, it should be clear that the trend is “moving towards instant payments and ISO 20022 is the messaging standard that can be used for all types of financial communication.”

The payments firm further noted:

“There are a huge number of benefits to managing payments with a new protocol such as the ISO20022. Firstly, it can transfer a lot more data and therefore enable banks to build informational structures and make data-driven decisions. Secondly, it offers long term benefits for the economy as it allows for more flexibility and innovation in the financial sector.”

Payment Components explains that it’s a protocol that serves as an “enabler” since it provides a more organized way to take care of payments messaging. Two of the primary features are that messaging components are reused instead of having to be created “from scratch” for each message, and the format (syntax) is separate or distinct from the semantics. This reportedly makes it a lot easier to understand messages wherever they might be coming from, the Payment Components team noted.

They also mentioned:

“ISO20022 is there to help improve communication, understand messages from other institutions, and enhance cooperation. The vast majority of the payments around the world will have migrated to the ISO20022 by 2022.”

The Fintech firm continued:

“SEPA, the EURO area payment integration initiative, also utilizes ISO20022 to offer low-value transfers at minimal cost and real-time payments throughout the SCT Inst scheme. That’s why the best strategy is to implement a system that can manage all types of payment protocols.” 

They further noted that it’s one that manages to stay up to date with new releases, and can also integrate with ISO20022, SWIFT MT, SEPA and proprietary payment protocols. With an Internet-based end-to-end solution, banks and financial institutions may add digital payments to their core system in “a simple plug-in application.” They also mentioned that the upfront time and investment required to install it is “minimal,” and the system is “specifically built to integrate seamlessly with different banking core systems.”

Payment Components claims that being able to stay up-to-date with the latest releases and payment infrastructures does not have to be costly and time-consuming. We also don’t have to work with fragmented legacy systems, because with payment systems such as aplonHub, your bank may use the same technology that Fintech firms use and take advantage of the latest payment standards “without creating more siloes,” according to Payment Components.

Source

Sushiswap reveals ambitious 2021 roadmap

After a wild, up-and-down 2020 that saw Sushiswap become the largest decentralized exchange (DEX) by liquidity at two different points, the decentralized finance (DeFi) platform has released a wildly ambitious project roadmap for 2021.

Key forthcoming developments include multiple examples of some of the most complex and advanced functionalities in the DeFi space, including a cross-chain DEX that will be enabled by Rune and Moonbeam, an implementation on the Polkadot chain, and a fully decentralized governance structure by the end of 2021.

The post also provided updates on previously-announced projects, including a v2 launch called Mirin and a mid-January target date for the launch of BentoBox, a forthcoming lending product.

There were also hints at a possible forthcoming rebrand. Given the variety and number of products currently offered and in development, “Sushiswap will be moving to a new domain in 2021 to reflect better how we aren’t an AMM anymore.” 

One development that particularly excited observers includes a proposed integration with ArcherDAO. Archer works with Ethereum miners to produce more efficient blocks, and the integration will be able to reduce front-running by miners, also known as miner-extractable value (MEV).

Other integrations include forthcoming support for algorithmic stablecoins FRAX and DSD, as well as BAO.

Finally, the blog gave an update on scaling plans, noting that Sushiswap will “move in sync with the greater Yearn ecosystem,” and that zero knowledge rollups will likely be the preferred solution.

It’s a long list of goals for a projects barely six months old. However, in an interview with Cointelegraph earlier in the week, Sushiswap core contributor 0xMaki spoke to the vision of an ever-growing, well-incentivized Sushiswap community.

 “I want to keep incentivizing people to productivize their assets. Make them join a DAO. Rewards more devs so they can build what they love. Introduce more people to DeFi and new financial primitives. Showcase prominently new dApps on Sushi. Everyone will be a winner in 2021.”

At press time $Sushi is up 10% on the day to $4.64. 

Sushiswap reveals ambitious 2021 roadmap

Source

DeFi integration and layer-2 tech back Matic Network’s (MATIC) 92% rally

The exponential growth of the decentralized finance sector increased activity on the Ethereum blockchain, and this has resulted in slow transaction times and incredibly high fees. 

In the last month, Ether (ETH) price has also rallied more than 100%, and gas fees are on the rise again as demand for ETH and a resurgence in the DeFi sector accelerates.

Matic Network intends to solve the DeFi and decentralized applications scalability problem by using layer-two technology for off-chain computing.

Multiple sidechains can be used simultaneously, and each is secured by a group of validators via its proof-of-stake system. The results are then pushed to the Ethereum network, creating checkpoints.

The project aims to become blockchain agnostic, which would allow for interoperable assets in the future. Currently, the Matic Network is ERC-20-based and its MATIC token has a $156 million market capitalization.

Backed by Coinbase Ventures and Binance Launchpad, the project raised $5.6 billion during its initial exchange offering in April 2019. A number of notable projects have already integrated Matic Network’s infrastructure, including Decentraland and Maker.

Since Jan. 1, MATIC has rallied 92%, but the token is still 23% below its Dec. 2019 all-time-high at $0.44.

MATIC/USDT 4-hour chart. Source: TradingView

Matic Network initiated deposits and withdrawals on its mainnet on June 20, 2020, and a few days later, it began offering staking capabilities. Tokenholders were then able to delegate their staking to validators and share revenue.

On Sep. 10, 2020, Matic released its proof-of-stake token bridge, allowing faster transfers between the Ethereum and Matic networks.

Since August 2020, Matic’s BEPSwap decentralized exchange has been running on a beta version, and its liquidity has dropped about 25% from it’s $40 million peak.

In September 2020, Matic Network launched its final staking phase by adding community-run validator nodes while increasing slots to 100. The team intends to gradually shut down all Matic Foundation nodes, allowing the community to choose from public validators.

DeFi and altcoin season appears to be pushing MATIC higher

Over the last few weeks, a handful of projects have chosen to launch on Matic Network, including the game SkyWeaver, Aavegotchi Crypto Collectibles, the collectible game Drakon IOI and Fire Protocol OS.

Furthermore, on Jan. 6, the MATIC token listed on Huobi Global and offered an $80 premium to new users who onboarded with full Know Your Customer verification.

Matic Twitter user activity vs. price (USD). Source: The Tie

Data from The Tie shows that the recent price spike has been accompanied by a considerable increase in social network activity, but it’s difficult to determine whether the uptick in Twitter users is the primary driver behind MATIC’s price action.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.

DeFi integration and layer-2 tech back Matic Network’s (MATIC) 92% rally

Source

Automate Mobile Application Security Testing from Jenkins

Automate Mobile Application Security Testing from JenkinsAutomate Mobile Application Security Testing from JenkinsAutomate Mobile Application Security Testing from JenkinsAutomate Mobile Application Security Testing from Jenkins

Mobile apps require continuous testing throughout the development process to ensure proper compliance and security measures are in place. If you are using Jenkins continuous integration server in your pipeline, continually testing your mobile app builds is simple with Zimperium’s mobile application security testing platform, zScan.

Here we will describe how you can automate mobile application security testing from your Jenkins implementation and increase your testing cadence to produce better apps while reducing your time to market and the associated manual effort. Every time new code is submitted to Jenkins, zScan will test the compiled app and provide specific details about improving any security gaps in your mobile apps. 

In this blog, we provide details on:

  1. Why mobile application security testing remains difficult;
  2. How to automate and configure testing from Jenkins;
  3. Available outputs and optional Jira integrations;
  4. Test Data categorizations; and
  5. How to install in your existing processes

Successful Continuous Mobile App Testing

Today, successful mobile application development organizations utilize a combination of native and cross-platform frameworks. Cross-platform frameworks allow for a single code base without compromising a great user experience. This means features and fixes are rolled out much more frequently than ever before. 

Keeping pace requires testing solutions to not only assess these frameworks accurately, but also allow for complete automation. You need mobile specific tools since it’s not just Android and iOS operating systems that are changing; the hybrid frameworks are evolving as well. 

“With zScan, we are detecting security vulnerabilities before release – in hours rather than weeks – and then automatically provide our third party developer with a list of fixes.” – Application Security Manager, Global Banking Company

Failing to identify errors in mobile apps correctly can lead to disastrous results. Governing bodies can fine your company for failing to comply with a compliance mandate or, worse, your company could suffer severe brand damage if a mobile app breach became public. 

There are several public mobile app breach examples from this year. Some of the more notable breaches from this year include the Walgreens mobile app, BHIM data leak, and several coronavirus contact tracing apps that leaked private user data.

Automated App Testing Using CI/CD Platforms

Automating mobile application security testing in your DevOps toolchain provides your teams the opportunity to test early and test often. Developers continue to commit code in the same fashion when developing new features, bug fixes, and modifications. However, by integrating continuous testing to Jenkins during the development cycle, you identify compliance, security, and privacy risks early when they are less expensive to fix. 

If you reduce the number of bugs by testing more often, your overall delivery costs decrease, and throughput increases. Integrating security tools into existing DevOps frameworks allows for more productivity and better quality without forcing developers to unlearn and relearn new processes. Sounds good, right?

zScan Automates Mobile Application Security Testing

Zimperium’s zScan mobile application security testing platform provides security and development teams with privacy, data leakage, compliance violations, and security findings on any iOS or Android application. Zimperium’s proprietary processing engine dissects each mobile application binary directly from Jenkins and provides data on your apps’ resident risks. 

Each finding provides developers specific descriptions and remediation instructions. The detailed instructions can integrate into existing ticketing systems like Jira. The platform can be further customized to focus on categories that align with your enterprise or industry. 

Incorporating the scan results into your ticketing system allows for further downstream efficiencies. These integrations mean developers can work faster and reduce cycle times for bug fixes and enhancements. Teams can customize and filter findings as tracked, mitigated, confirmed, or fixed to prioritize workflows and deadlines.

How to Configure Your Jenkins Server and zScan

Integrating Zimperium’s mobile application security testing to Jenkins is simple.

  1. Download Jenkins plugin from zScan administration console;
  2. Open Jenkins and navigate to “Manage Plugins;”
  3. Upload zScan plugin to zScan; and 
  4. Configure Jenkins

Download the Jenkins plugin provided in your zConsole administration panel.

Navigate to Manage Jenkins and select Manage Plugins.

Click the Advanced tab and in the Upload Plugin section, choose and upload the file zScan-jenkins-plugin.hpi. 


Then restart Jenkins.

Jenkins Configuration

In the Configure section of your project, select Add Post-Build Action, and click “Upload Build Artifacts to zScan.”

Available fields in your configuration include:

  • Zimperium Server URL Endpoint
    • This is your root URL to your Zimperium console.
  • Client ID
    • This value is from your Zimperium Console Authorizations. Your Client ID is created after you generate your API Key.
  • Client Secret
    • This client secret is only displayed when you initially generate your API key along with the client identifier value.
  • Source Files
    • This allows you to specify patterns using ANT script. Zimperium provides several possible ANT statement examples that can help you get started.
  • Excluded Files
    • This field provides the ability to specify patterns to exclude files. This field is the opposite of the Source Files field. Similarly, multiple patterns are comma-separated.

Findings, Instances, and Compliance Categories

After you configure Zimperium’s mobile application security testing platform with Jenkins and begin testing, zScan will provide you with security findings and instances. Findings are potential issues discovered in the app analysis. Each of the findings describing each issue is categorized by affecting security, data leakage, and compliance (OWASP, NIAP, NIST, CCPA, GDPR) mandates and recommendations. 

Instances are specific locations where the finding is present in your app’s code. A hypothetical finding example in a physical penetration test could be that the doors in your house remain unlocked. If both the front door and back door are unlocked, there are two instances of the finding. Both of the findings may or may not need to be fixed. You can choose to accept one instance, allowing the back door to remain unlocked for a given house (app). Customizable policies can filter findings in future assessments for unlocked doors so you can focus on new findings.

[embedded content]

zScan Helps Reduce Mobile App Risk

To reduce risk and limit fraud, organizations worldwide are testing native and hybrid mobile apps with zScan to identify potential data leakage and security vulnerabilities. Mobile application development teams from the banking, financial services, healthcare, and public sector depend on Zimperium to secure, harden and detect real-time attacks to their apps, no matter the health of their users’ device. 

“With zScan, we are detecting security vulnerabilities before release – in hours rather than weeks – and then automatically provide our third-party developer with a list of fixes.” – Application Security Manager, Global Banking Company

Contact us today for more information on zScan and how you can automate your mobile application security testing.

Previous Zimperium Mobile Security Blog PostPrevious Zimperium Mobile Security Blog Post Millions Stolen from US and EU Banks Could’ve Been Prevented

Automate Mobile Application Security Testing from Jenkins

Source

Eclass Introduces DLT-based Infrastructure For Industrial Digital Twins

Eclass e.V wants to implement the distributed ledger-based infrastructure on the IOTA platform. The firm presented a white paper to that end and described it as an infrastructure that will provide the enablement for the growth of industrial digital twins.

As a decentralized platform, the new ECLASS platform will be based on 5 use cases. The five practice-relevant use cases show how the decentralized registry and be applied in practice and implemented.

The use case shows how Digital Twins and other related services can be registered and accessed by users in varying lifecycle stages. Additionally, the use case also indicates how it’s possible to link the industrial asset users with multiple Digital twins. It also shows how the Digital Twins located using the unique asset ID.

A milestone in Industrie 4.0 development

The IOTA second layer solution, such as IOTA Identity and IOTA Access, can operate in the ECLASS scheme. It will offer additional features in the security, sovereignty, and integrity of the stored data in the network.

The whitepaper also described the ECLASS standard as very important when describing the services and the features of the certificates of qualification and authorization of Digital Twins. Based on the whitepaper, it will achieve a vital breakthrough in the future of open global Indstrie 4.0 ecosystem. It also pointed out the challenges in different areas such as logistics, retail, energy, and automotive, which concentrates on the requirements of the Industrie 4.0.

Creating an unimaginable business model

Digital Twin has been described as a technology that will enhance horizontal integration, networking, and digitalization. The technology can be applied in a wide range of areas, including engineering, logistics, and production, as well as purchasing.

It will create a business model and new opportunities in ways not imagined before, according to the white paper.

Classic value chains are increasingly becoming interconnected value networks and the Digital Twin framework will be relevant for improved Cyber-Physical Systems (CPS), according to the announcement.

Processes, products, and machines will all have their Digital Twins, which will create the CPS via the combination of physical objects and their Digital Twins. Throughout the entire lifecycle, the relevant production data and product information provided in the Digital Twin will be made accessible to the partners in the value chain at any given place and time.

Digital Twins will function as the digital representation of the real world in the information world. But the necessary vertical and horizontal integration, as well as collaboration with all participants will be possible based on common standards. The company said it will require the partnership of all participants across continents, countries, and company boundaries to make it work.

Eclass Introduces DLT-based Infrastructure For Industrial Digital Twins

Source