What is business logic attack? - Definition from WhatIs.com

Definition

business logic attack

A business logic attack is an exploit that takes advantage of a flaw in the application logic that manages the exchange of information between a user interface and the application's supporting database.

Business logic attacks can be difficult to defend against because the attacker needs access to nothing more than what an enterprise already exposes through its customer-facing Web applications. Common business logic flaws include weak password-recovery validation and improper Web application coding, particularly with regard to the use of encryption techniques and input validation.

The risks of business logic attacks include data theft, revenue loss and network security breaches. To prevent business logic attacks, the first step is improving the security processes in the software development lifecycle (SDLC). As more programmers, and even nonprogrammers, develop Web applications or mashups, it is critical to ensure that sound Web application security programming principles are followed.
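As an added illustration (not part of the original definition) of the "weak password-recovery validation" flaw named above: a toy password-reset service with an in-memory user store, a vulnerable reset handler that trusts the client-supplied account name beside a hardened one that binds the token to the account it was issued for, expires it, and makes it single-use. All names and data here are constructed for the example.

```python
import hmac
import secrets
import time

# Constructed in-memory user store (example data only).
USERS = {"alice": {"password": "old-alice"}, "bob": {"password": "old-bob"}}


class ResetService:
    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self.tokens = {}  # token -> (bound username, expiry timestamp)

    def request_reset(self, username, now=None):
        """Issue a reset token for an account. A real system would e-mail it
        to the account owner rather than return it to the requester."""
        token = secrets.token_urlsafe(32)  # unguessable, cryptographically random
        issued = time.time() if now is None else now
        self.tokens[token] = (username, issued + self.ttl)
        return token

    def reset_vulnerable(self, token, username, new_password):
        # FLAW: the handler only checks that *some* valid token exists and then
        # trusts the username the client submitted, so a token issued for one
        # account can change the password of any other account.
        if token not in self.tokens:
            return False
        USERS[username]["password"] = new_password
        return True

    def reset_hardened(self, token, username, new_password, now=None):
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None:
            return False
        bound_user, expiry = entry
        # The reset applies only to the account the token was issued for,
        # rejects expired tokens (constant-time compare on the account name).
        if now > expiry or not hmac.compare_digest(bound_user, username):
            return False
        del self.tokens[token]  # single use: a replayed token is refused
        USERS[username]["password"] = new_password
        return True
```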

This was last updated in February 2013
Contributor(s): Nick Lewis
Posted by: Margaret Rouse
