WEB APPLICATION — BUSINESS LOGIC VULNERABILITIES
Business logic vulnerabilities are flaws in the design, implementation and concept of an application that allow an attacker to evoke unintended behaviour. The term ‘Business Logic’ refers to the set of rules that defines how the web application works and behaves.
Whenever we hear the term ‘Web application Vulnerabilities’ in the cyber domain, we tend to think of the OWASP Top 10 or other well-known flaws, often ignoring the impact of logical vulnerabilities.
The reason is that logic flaws are invisible to people who aren’t explicitly looking for them. However, an attacker may be able to exploit such behaviour simply by interacting with the application.
So this brings us to the question:
HOW DO BUSINESS LOGIC VULNERABILITIES ARISE?
These flaws often arise because of loopholes in the design and development process. Wrong assumptions about how end users will interact with the application can lead to inadequate validation of user input. For instance, if the developer relies entirely on the assumption that users will only submit data through the web browser, the result is input validation enforced only by weak client-side controls, which can be bypassed with a web proxy (such as Burp Suite) that lets the user alter a request before it reaches the server.
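As an added example (not code from the original article), here is a simplified checkout handler in Python: the first version trusts what the browser submits, the second re-validates on the server. The SKUs, prices and request dictionaries are constructed for illustration.

```python
# Added example (not from the original article): why input rules enforced
# only by the browser are not enough, and how the server should re-check them.
from dataclasses import dataclass

# Constructed catalogue, prices in cents. Prices must come from the server,
# never from a hidden form field the client can rewrite.
CATALOGUE = {"sku-100": 2500, "sku-200": 950}
MAX_QTY = 10  # the HTML form also has max="10", but that is only a hint


@dataclass
class OrderResult:
    accepted: bool
    total: int          # cents
    reason: str = ""


def checkout_vulnerable(form: dict) -> OrderResult:
    """Trusts the browser: assumes the form's min/max attributes held and
    that the hidden 'price' field was not altered before submission."""
    qty = int(form["quantity"])
    price = int(form["price"])
    return OrderResult(True, qty * price)


def checkout_hardened(form: dict) -> OrderResult:
    """Re-validates every field on the server and derives the price from
    the catalogue, so a modified request cannot change the business rule."""
    sku = form.get("sku")
    if sku not in CATALOGUE:
        return OrderResult(False, 0, "unknown product")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        return OrderResult(False, 0, "quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        return OrderResult(False, 0, f"quantity must be between 1 and {MAX_QTY}")
    # The client-supplied 'price' field is ignored entirely.
    return OrderResult(True, qty * CATALOGUE[sku])


# Constructed requests: as the browser sends it, and two altered in transit.
NORMAL_REQUEST = {"sku": "sku-100", "quantity": "2", "price": "2500"}
NEGATIVE_QTY_REQUEST = {"sku": "sku-100", "quantity": "-3", "price": "2500"}
CHEAP_PRICE_REQUEST = {"sku": "sku-100", "quantity": "2", "price": "1"}
```

Running both handlers over the three requests shows that the vulnerable version happily computes a negative total or a two-cent order, while the hardened version rejects the bad quantity and charges the catalogue price regardless of the submitted field.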