Business Logic

Explanation

This topic is about exploiting logic flaws in a website's code that stem from flawed assumptions about the user.

These vulnerabilities allow attackers to manipulate an application to elicit unintended behaviour, and they are typically caused by a failure to anticipate unusual application states. I feel that these kinds of vulnerabilities are a result of developers not knowing that an attacker can even manipulate their application in that way.

One example of a logic flaw would be setting money to a negative number, thereby 'adding' money.

In general, just mess around with an application, change numbers to strings, positive integers to negative ones, and see what happens!
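The negative-amount flaw described above, shown next to a version that validates the amount before any balance is touched. This is an added example, not code from the original notes; the in-memory account dictionary, the function names and the two-decimal currency rule are assumptions.

```python
from decimal import Decimal, InvalidOperation

class TransferError(ValueError):
    """Raised when a transfer request is rejected."""

def transfer_vulnerable(accounts, src, dst, amount):
    """Flawed: assumes the caller always sends a positive number."""
    amount = Decimal(amount)
    if accounts[src] < amount:      # a negative amount always passes this check
        raise TransferError("insufficient funds")
    accounts[src] -= amount         # subtracting a negative credits the sender
    accounts[dst] += amount         # adding a negative debits the recipient

def parse_amount(raw):
    """Return a finite, positive Decimal with at most two decimal places."""
    # Reject floats, None, bools, lists, etc. instead of coercing them.
    if isinstance(raw, bool) or not isinstance(raw, (str, int, Decimal)):
        raise TransferError("amount must be a string, int or Decimal")
    try:
        amount = Decimal(raw)
    except InvalidOperation:
        raise TransferError("amount is not a number") from None
    if not amount.is_finite():      # blocks NaN and Infinity
        raise TransferError("amount must be finite")
    if amount <= 0:                 # blocks zero and negative transfers
        raise TransferError("amount must be positive")
    if amount.as_tuple().exponent < -2:   # more than 2 decimal places
        raise TransferError("amount has too many decimal places")
    return amount

def transfer_hardened(accounts, src, dst, raw_amount):
    """Validate first, then check funds, then move the money."""
    amount = parse_amount(raw_amount)
    if accounts[src] < amount:
        raise TransferError("insufficient funds")
    accounts[src] -= amount
    accounts[dst] += amount

if __name__ == "__main__":
    # Constructed sample data.
    accts = {"alice": Decimal("100"), "bob": Decimal("100")}
    transfer_vulnerable(accts, "alice", "bob", "-50")
    print("vulnerable:", accts)     # alice gained 50, bob lost 50
    accts = {"alice": Decimal("100"), "bob": Decimal("100")}
    try:
        transfer_hardened(accts, "alice", "bob", "-50")
    except TransferError as exc:
        print("hardened rejected:", exc, accts)
```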
