Business Logic Flaws
Business logic flaws allow attackers to abuse legitimate transactions or application flows: every individual request is well-formed and "allowed", but the sequence or combination of requests produces a result the application's designers never intended. The main challenge with these flaws is that they are typically missed by scanners and other automated tools, because finding them requires understanding what the workflow is supposed to do rather than matching a known vulnerability signature.
MITRE tracks business logic flaws under CWE-840 (Business Logic Errors); more information can be found at https://cwe.mitre.org/data/definitions/840.html. Examples of business logic flaws include:
Unverified Ownership
Authentication Bypass Using an Alternate Path or Channel
Authorisation Bypass through User-Controlled Key
Weak Password Recovery Mechanism for Forgotten Password
Incorrect Ownership Assignment
Allocation of Resources without Limits or Throttling
Premature Release of Resource During Expected Lifetime
Improper Enforcement of a Single, Unique Action
Improper Enforcement of a Behavioral Workflow
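To make two of the listed classes concrete, the following added example (not code from the original page) models a toy order service in Python. It shows an authorisation bypass through a user-controlled key (the client supplies an order id and the server never checks who owns it) next to the hardened lookup, and an improper enforcement of a single, unique action (a discount coupon that can be applied repeatedly) next to a version that consumes the coupon once. All names, users, order ids and coupon codes are constructed for the illustration and are not taken from any real application.

```python
"""Added example, not part of the original page: two business logic flaw
classes in a constructed in-memory order service, each in vulnerable and
hardened form. Order, OrderStore, the user names and coupon codes are all
hypothetical."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not access the requested record."""


class Conflict(Exception):
    """Raised when a one-time action is attempted a second time."""


@dataclass
class Order:
    order_id: int
    owner: str
    total: float
    coupon_applied: bool = False


@dataclass
class OrderStore:
    orders: dict = field(default_factory=dict)
    redeemed_coupons: set = field(default_factory=set)

    # --- Authorisation bypass through user-controlled key (vulnerable) ---
    def get_order_insecure(self, caller: str, order_id: int) -> Order:
        # The client-supplied id is trusted as-is: any authenticated user can
        # read any order simply by guessing or incrementing the id.
        return self.orders[order_id]

    # --- Hardened: look the record up, then verify ownership ---
    def get_order(self, caller: str, order_id: int) -> Order:
        order = self.orders.get(order_id)
        if order is None or order.owner != caller:
            # One error for "missing" and "not yours" avoids confirming
            # which ids exist to a caller who does not own them.
            raise Forbidden("order not found or not owned by caller")
        return order

    # --- Improper enforcement of a single, unique action (vulnerable) ---
    def apply_coupon_insecure(self, caller: str, order_id: int,
                              code: str, discount: float) -> float:
        # Nothing records that the coupon was used, so the same request can
        # be replayed until the total reaches zero.
        order = self.get_order(caller, order_id)
        order.total = max(0.0, order.total - discount)
        return order.total

    # --- Hardened: the coupon is consumed once and an order takes at most one ---
    def apply_coupon(self, caller: str, order_id: int,
                     code: str, discount: float) -> float:
        order = self.get_order(caller, order_id)
        if code in self.redeemed_coupons or order.coupon_applied:
            raise Conflict("coupon already redeemed or order already discounted")
        # Record the action before mutating the total; in a real service both
        # writes belong in one database transaction so a concurrent replay
        # cannot slip between the check and the update.
        self.redeemed_coupons.add(code)
        order.coupon_applied = True
        order.total = max(0.0, order.total - discount)
        return order.total


def raises(exc: type, fn, *args) -> bool:
    """Return True if calling fn(*args) raises exc (used by the demo below)."""
    try:
        fn(*args)
    except exc:
        return True
    return False


def run_demo() -> dict:
    """Exercise both flaw classes against constructed data and return the outcomes."""
    store = OrderStore()
    store.orders[1] = Order(1, "alice", 100.0)
    store.orders[2] = Order(2, "bob", 50.0)
    return {
        # alice reads bob's order through the insecure path, but not the hardened one
        "insecure_read_owner": store.get_order_insecure("alice", 2).owner,
        "hardened_read_denied": raises(Forbidden, store.get_order, "alice", 2),
        # the same coupon applied twice keeps lowering the total on the insecure path
        "insecure_first": store.apply_coupon_insecure("alice", 1, "SAVE10", 10.0),
        "insecure_replay": store.apply_coupon_insecure("alice", 1, "SAVE10", 10.0),
        # the hardened path honours the coupon once and rejects the replay
        "hardened_first": store.apply_coupon("bob", 2, "SAVE10", 10.0),
        "hardened_replay_denied": raises(Conflict, store.apply_coupon,
                                         "bob", 2, "SAVE10", 10.0),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The two hardened methods illustrate the general pattern for this whole class: decide what the workflow is supposed to permit (one owner per record, one redemption per coupon) and enforce that server-side on every request, rather than relying on the client only sending the requests the UI exposes.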