A business logic attack is an exploit that takes advantage of a flaw in the application logic that governs the exchange of information between a user interface and the application's supporting database.
Business logic attacks can be difficult to defend against because the attacker doesn't require access to anything more than what an enterprise exposes through its customer-facing Web applications. Common business logic flaws include weak password-recovery validation and improper Web application coding, particularly with regard to the use of encryption techniques and input validation.
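The weak password-recovery validation mentioned above is easiest to see in code. The following is an added example, not code from the original page or from any product it describes: a toy reset service whose only check is "did I issue this token?" is placed beside a hardened version that binds the token to the account, expires it, allows a single use and compares it in constant time. All names, the 15-minute lifetime and the in-memory stores are constructed for illustration; the `now` parameter exists only so the expiry logic can be exercised deterministically.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

TOKEN_TTL_SECONDS = 900  # constructed value: a 15-minute validity window


@dataclass
class ResetRecord:
    """Server-side state for one outstanding reset token (hardened service)."""
    user: str
    token_hash: str   # only a digest is stored, so a leaked table cannot be replayed
    expires_at: float
    used: bool = False


class WeakResetService:
    """Business logic flaw: the reset handler asks whether a token exists at all,
    never whether it was issued for the account being reset. The token also
    never expires and can be replayed any number of times."""

    def __init__(self) -> None:
        self.tokens: Dict[str, str] = {}     # raw token -> user it was issued for
        self.passwords: Dict[str, str] = {}  # user -> current password (toy store)

    def issue(self, user: str) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user
        return token

    def reset(self, user: str, token: str, new_password: str) -> bool:
        # Flaw: the stored owner (self.tokens[token]) is never compared with `user`,
        # so a token requested for one account changes the password of any account.
        if token in self.tokens:
            self.passwords[user] = new_password
            return True
        return False


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class HardenedResetService:
    """Same flow with the logic checks a reset handler needs: the token is looked
    up by account, must match the digest issued for that account, must be unexpired
    and is invalidated after one successful use."""

    def __init__(self) -> None:
        self.records: Dict[str, ResetRecord] = {}  # user -> outstanding reset record
        self.passwords: Dict[str, str] = {}

    def issue(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Issuing a new token replaces any older one for the same account.
        self.records[user] = ResetRecord(user, _digest(token), now + TOKEN_TTL_SECONDS)
        return token

    def reset(self, user: str, token: str, new_password: str,
              now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        record = self.records.get(user)          # bound to the account, not global
        if record is None or record.used:
            return False
        if now > record.expires_at:
            return False
        if not hmac.compare_digest(record.token_hash, _digest(token)):
            return False                         # constant-time comparison
        record.used = True                       # single use
        self.passwords[user] = new_password
        return True
```

The distinguishing check is the lookup key: the weak service indexes its table by token, so any valid token satisfies the condition, whereas the hardened service indexes by account and then verifies that the presented token is the one issued for that account. Expiry, single use and a stored digest are the remaining controls a reviewer would expect to see in a reset handler.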
The risks of business logic attacks include data theft, revenue loss and network security breaches. To prevent business logic attacks, the first step is improving the security processes in the software development lifecycle (SDLC). As more programmers, and even nonprogrammers, develop Web applications or mashups, it is critical to ensure that sound Web application security programming principles are followed.