Definition

business logic attack

Part of the Security threats and countermeasures glossary:

A business logic attack is an exploit that takes advantage of a flaw in programming managing the exchange of information between a user interface and the application's supporting database.

Next Steps

What are application logic attacks?
In 2005, application logic flaws allowed alert,...
(SearchSecurity.com)
How to negate business logic attack risk: Improve security in the SDLC
Expert Nick Lewis details the threat posed by b...
(SearchSecurity.com)

Business logic attacks can be difficult to defend against because the attacker doesn't require access to anything more than what an enterprise exposes through its customer-facing Web applications. Common business logic flaws include weak password-recovery validation and improper Web application coding, particularly with regard to the use of encryption techniques and input validation.

The risks of business logic attacks include data theft, revenue loss and network security breaches. To prevent business logic attacks, the first step is improving the security processes in the software development lifecycle (SDLC). As more programmers, and even nonprogrammers, develop Web applications or mashups, it is critical to ensure that sound Web application security programming principles are followed.

This was last updated in February 2013

Contributor(s): Nick Lewis

Posted by: Margaret Rouse

Related Terms

Definitions

Five Steps to Incident Management in a Virtualized Environment
- Incident management (IM) is a necessary part of a security program. When effective, it mitigates business impact, identifies weaknesses in controls, and helps fine-tune response processes. Traditio... (WhatIs.com)

Glossaries

Security threats and countermeasures
- Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
Web services, SOA
- Terms related to web services, including definitions about service-oriented architecture (SOA) and words and phrases about web applications that use XML and HTTP.
Programming
- Terms related to software programming, including definitions about programming languages and words and phrases about software design, coding, testing and debugging.

Dig Deeper

What are application logic attacks?

In 2005, application logic flaws allowed alert, Web-savvy gamblers the chance to win a lot of money. In this SearchSecurity.com tip, application security expert Michael Cobb examines these types of... (SearchSecurity.com)
How to negate business logic attack risk: Improve security in the SDLC

Expert Nick Lewis details the threat posed by business logic attacks and how stressing the importance of security in the SDLC can reduce that threat. (SearchSecurity.com)
The dangers of application logic attacks

Do you know how to prevent an application logic attack? In this tip, Web application security expert Michael Cobb explains how application logic attacks occur and offers tactics for protecting you... (SearchSecurity.com)

Browse Alphabetically

business logic attack

Next Steps

Related Terms

Definitions

Glossaries

Dig Deeper

Continue Reading About business logic attack

Fast References

People Who Read This Also Read...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Tech TalkComment

Share

Comments

Results

Contribute to the conversation

Browse Definitions Alphabetically

Word of the Day

Get the Word of the Day via email

20 Newest Terms

More from Related TechTarget Sites