Definition

business logic attack

A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface and the application's supporting database.

Business logic attacks can be difficult to defend against because the attacker doesn't require access to anything more than what an enterprise exposes through its customer-facing Web applications. Common business logic flaws include weak password-recovery validation and improper Web application coding, particularly with regard to the use of encryption techniques and input validation.

The risks of business logic attacks include data theft, revenue loss and network security breaches. To prevent business logic attacks, the first step is improving the security processes in the software development lifecycle (SDLC). As more programmers, and even nonprogrammers, develop Web applications or mashups, it is critical to ensure that sound Web application security programming principles are followed.

This was last updated in February 2013
Contributor(s): Nick Lewis
Posted by: Margaret Rouse

Related Terms

Definitions

  • Heartbleed

    - Heartbleed is a vulnerability in some implementations of OpenSSL. Because OpenSSL is used by approximately 66% of all active websites on the Internet, many experts have called Heartbleed one of the... (SearchSecurity.com)

  • SYN flood (half open attack)

    - SYN flooding is a method that the user of a hostile client program can use to conduct a denial-of-service (DoS) attack on a computer server. (SearchSecurity.com)

  • Microsoft Security Essentials (MSE)

    - Microsoft Security Essentials (MSE) is an antimalware software product made by Microsoft that provides protection for client computers against viruses, worms, Trojans, spyware and other malicious s... (SearchSecurity.com)

Glossaries

  • Security threats and countermeasures

    - Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.

  • Internet applications

    - This WhatIs.com glossary contains terms related to Internet applications, including definitions about Software as a Service (SaaS) delivery models and words and phrases about web sites, e-commerce ...

Ask a Question About business logic attackPowered by ITKnowledgeExchange.com

Get answers from your peers on your most technical challenges

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.