business-logic
8 posts
The business of Authorization and Authentication flaws
Ensuring security is one of the most daunting challenges web applications face today. Authentication and authorization are two of the main security areas a web application must address to be protected against unauthorized
Taxonomy of Business logic flaws
In the previous article we defined and discussed business logic flaws and their inherent risks. In software design, every web application can be modeled as a set of use cases and workflows. A
Case Files: Your data has been breached, now what?
Act 6: Your data has been breached, now what? In my previous post we saw how a flawed session-management design pattern across SaaS vendors allowed an exploit to manifest. Type
Case Files: Pusher in Coinbase cookie
In my previous post we saw how a bidding process can be abused in an online auction marketplace. All of us rely on SaaS services in this cloud era. Our systems
Case Files: Outbidding
In my previous post we saw how a vendor-partnership flaw was exploited. Let us now situate ourselves in an online auction event. Online auctions offer buyers and sellers of a wide variety
Case Files: The dynamic duo Andrew and Allen exploit Nordstrom with their FatWallet
Fast forward to 2012 from my last post, which recounted the 1999 Citibank exploit. The actors in this story are Andrew and Allen Chiu and their plot to defraud Nordstrom via a channel
Case Files: Attack like it's 1999 (Citibank) in 2012 (Signet/Jared jewelers, Molina Health)
In the prior installment I defined and described what a business logic flaw is. Let us now turn back the clock to 1999 and recount the events leading to the Citibank attack on approximately 360,
What is a Business logic flaw?
With the advances in technology over the past decade, the complexity of software applications has grown dramatically. Unfortunately, this has also increased the number of attacks launched against such