The Origin Of Business logic vulnerabilities

By Thexssrat. Published in CodeX, Aug 12, 2021 (11 min read).


Introduction

There’s not a lot of information out there on business logic vulnerabilities. I challenge you to try it: go to Google right now and search “business logic vulnerabilities”. You will find a very good article on it from PortSwigger and one from OWASP, but they are very limited and don’t explain the concepts very well in my opinion. Today I’m going to talk to you about logic: what it is, how it can go wrong and how you can test for logic issues. I do believe logic is something you can train, and there are things you can do to help improve this process.

We will go over all of these things and much more, so let’s not waste any more time and dive right in!

What is logic?

Our logic is always flawed; it’s as simple as that. There’s nothing wrong with this either: we as humans simply suck at foreseeing all the possible issues that could arise. We develop many different risk mitigation strategies, but you know as well as I do that ruling out all the risk is impossible because we simply can’t foresee all the possible variables that play into a situation.

In business situations, we have the same issue. Whether it be banking, a shoe store or a company that sells websites, they all run into the same issues. We all run into the same issues in our daily lives. I’m going to give you a simple thought experiment to demonstrate.

Thought experiment
