Sriram Uppalapati
Published in SecureLink
May 21, 2020

Finding Business Logic Vulnerabilities in Source Code Review

Automated static code analysis has always been faster and has provided better coverage than a manual review. Static analysis tools are effective at finding common security bugs, but they are ineffective at finding business logic vulnerabilities or complex data leakage vulnerabilities. SAST solutions traditionally have not been able to identify complex business logic vulnerabilities because these are specific to the application and/or the business, and this has always been considered the biggest limitation of these tools.

A business logic rule is composed of four elements: results, arguments, assignments and conditions. If the reviewer knows the outputs of a given business rule, it is possible to determine how those results were calculated and which arguments were used. The objective, for any application-relevant data result, is to determine which statements create or change it, where those statements are located and under what conditions they are executed.

With ShiftLeft.io, it has become much easier to find such complex vulnerabilities. You must be wondering how that is even possible. Their approach is built on a novel representation of source code called a code property graph. This graph combines the properties of abstract syntax trees, control flow graphs and program dependence graphs in a joint data structure. This comprehensive view of the code lets ShiftLeft model templates for common vulnerabilities as graph traversals, for example an authorization bypass template that looks for flows in which no authorization check happens after authentication. ShiftLeft’s Code Property Graph can map the end-to-end flows within an application and help find the conditions that lead to a logic flow bypass, such as an authorization bypass, in the source code.
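As an added illustration (not ShiftLeft's code or Ocular's query language), the following Python models the authorization-bypass traversal described above on a toy control-flow graph: it reports every path on which authentication happens but no authorization check precedes a sensitive operation, together with the branch condition under which that path runs. The node kinds, the sample handler and the `require_role` name are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed, simplified code property graph: one node per statement, labelled
# with its AST role and linked by control-flow successors. An illustration of
# the traversal idea, not ShiftLeft's real graph schema or query API.
@dataclass
class Node:
    id: str
    kind: str                                      # entry | authn | authz | cond | sink
    code: str                                      # source text, for reporting
    next: List[str] = field(default_factory=list)  # control-flow successors
def authz_bypass_paths(cpg: Dict[str, Node], entry: str) -> List[List[str]]:
    """Authorization-bypass template: control-flow paths from `entry` that pass
    an authentication statement and reach a sink with no authorization check."""
    hits: List[List[str]] = []
    def walk(nid: str, path: List[str], authn: bool, authz: bool) -> None:
        node = cpg[nid]
        path = path + [nid]
        authn = authn or node.kind == "authn"
        authz = authz or node.kind == "authz"
        if node.kind == "sink":
            if authn and not authz:
                hits.append(path)
            return
        for succ in node.next:
            if succ not in path:                   # do not re-enter loops
                walk(succ, path, authn, authz)
    walk(entry, [], False, False)
    return hits

def conditions_on(cpg: Dict[str, Node], path: List[str]) -> List[str]:
    """Branch conditions a path executes under: the cond nodes along it."""
    return [cpg[n].code for n in path if cpg[n].kind == "cond"]

# Constructed sample handler: it authenticates, but only the "bulk" branch
# checks the admin role before the delete; the other branch goes straight to it.
VULNERABLE = {
    "s0": Node("s0", "entry", "def delete_user(request):", ["s1"]),
    "s1": Node("s1", "authn", "user = session.authenticate(request)", ["s2"]),
    "s2": Node("s2", "cond",  "if request.form['mode'] == 'bulk':", ["s3", "s4"]),
    "s3": Node("s3", "authz", "require_role(user, 'admin')", ["s4"]),
    "s4": Node("s4", "sink",  "db.delete_user(request.args['id'])", []),
}
# Hardened variant: the role check now sits on every path before the sink.
FIXED = {**VULNERABLE,
         "s1": Node("s1", "authn", "user = session.authenticate(request)", ["s3"]),
         "s3": Node("s3", "authz", "require_role(user, 'admin')", ["s2"]),
         "s2": Node("s2", "cond",  "if request.form['mode'] == 'bulk':", ["s4"])}
```

Running `authz_bypass_paths(VULNERABLE, "s0")` returns the single bypassing path through the non-bulk branch, and the same query on `FIXED` returns nothing, which is the kind of template check the article attributes to the graph approach.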

Read more about identifying business logic flaws at

https://blog.shiftleft.io/shiftleft-ocular-identifies-business-logic-flaws-10x-faster-than-manual-code-reviews-a2c67ec0a013

Sriram Uppalapati, Director — Cyber Security and Risk Advisory Services, SecureLink