Seven Business Logic Flaws that put your Website at Risk - Harvard (07062008)

Session handling, credit card transactions, and password recovery are just a few examples of Web-enabled business logic processes that malicious hackers have abused to compromise major websites. These types of vulnerabilities are routinely overlooked during QA because the process is intended to test what a piece of code is supposed to do, not what it can be made to do. The other problem with business logic flaws is that scanners can't identify them, IDS can't detect them, and Web application firewalls can't defend against them. Plus, the more sophisticated and Web 2.0 feature-rich a website is, the more prone it is to flaws in business logic.

Published in: Business, Technology

  1. Seven Business Logic Flaws that put your Website at Risk. Jeremiah Grossman, WhiteHat Security founder & CTO. © 2008 WhiteHat Security, Inc.
  2. Jeremiah Grossman
     • WhiteHat Security Founder & CTO
     • Technology R&D and industry evangelist (recently named to InfoWorld's CTO 25 List)
     • Frequent international conference speaker
     • Co-founder of the Web Application Security Consortium
     • Co-author: Cross-Site Scripting Attacks
     • Former Yahoo! information security officer
