
WEB APPLICATION — BUSINESS LOGIC VULNERABILITIES


Business logic vulnerabilities are flaws in the design, implementation and concept of an application that allow an attacker to evoke unintended behaviour. The term ‘Business Logic’ refers to the set of rules that defines how the web application works and behaves.

Whenever we hear the term ‘web application vulnerabilities’ in the cyber security domain, we tend to think of the OWASP Top 10 or other major flaws, often ignoring the impact of logic vulnerabilities.

The reason is that logic flaws are invisible to people who aren’t explicitly looking for them. An attacker, however, may be able to exploit such behaviour simply by interacting with the application.

So this brings us to the question:

HOW DO BUSINESS LOGIC VULNERABILITIES ARISE?

These flaws often arise because of loopholes in the design and development process. Wrong assumptions about how the end user will interact with the application can lead to inadequate validation of user input. For instance, if the developer relies completely on the assumption that the user will only send data via the web browser, the result is weak client-side controls for validating input, which can easily be bypassed using a web proxy (such as Burp Suite).
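To make that assumption concrete, here is an added example (not code from the original article): the same order handler written twice, once trusting that the browser form already enforced its limits and hidden price field, and once re-validating every value on the server, where the application actually has control. The catalogue, prices, limit and request dictionaries are constructed sample data.

```python
# Added example, not from the original article. Catalogue prices, MAX_QTY
# and the form dictionaries are constructed sample data.
from dataclasses import dataclass

CATALOGUE = {"sku-100": 25.00, "sku-200": 40.00}  # server-side prices (constructed)
MAX_QTY = 10                                       # per-order limit (constructed)


@dataclass
class Order:
    sku: str
    quantity: int
    total: float


def place_order_weak(form: dict) -> Order:
    """Trusts the browser: the form's min/max attributes and its hidden
    price field are assumed to have been enforced client-side. Anything
    submitted directly to the server is accepted as-is, so a negative
    quantity or an altered price flows straight into the total."""
    qty = int(form["quantity"])
    price = float(form["price"])            # price chosen by the client
    return Order(form["sku"], qty, round(qty * price, 2))


def place_order_hardened(form: dict) -> Order:
    """Re-checks every assumption on the server and never uses a
    client-supplied price; the browser-side checks become a convenience,
    not a security control."""
    sku = form.get("sku")
    if sku not in CATALOGUE:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise ValueError("quantity must be an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError(f"quantity must be between 1 and {MAX_QTY}")
    price = CATALOGUE[sku]                  # server-side price; client value ignored
    return Order(sku, qty, round(qty * price, 2))
```

The weak handler turns a quantity of -3 into a negative total, while the hardened one rejects it and prices the order from the catalogue regardless of what the form carried.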


Published in InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Written by Sagar

An Enthusiast learner who seeks to learn the tech in a whole new different perspective.
