SlideShare a Scribd company logo

Business Logic Vulnerabilities.pptx

Download as PPTX, PDF
W
WomeninTech1

This vulnerability is for client side. How client-side gets weak and attacker take advantage of this issue.

1 of 8
HV Hacker Vlog Business Logic Vulnerabilities By: Riddhi Soral (HackerVlog)
HV Hacker Vlog Hacker Vlog - A S D A c a d e m y i s o n e o f t h e b e s t a c a d e m y w h i c h g i v e s 1 0 0 % p r a c t i c a l c o u r s e i n f i e l d o f C y b e r S e c u r i t y & C o d i n g … . .
Business Logic Vulnerabilities Add a footer 3 • Logic flaws are often invisible to people who aren't explicitly looking for them as they typically won't be exposed by normal use of the application. • Flaws in the logic can allow attackers to circumvent these rules. For example, they might be able to complete a transaction without going through the intended purchase workflow. • Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal.
FR How do business logic vulnerabilities arise? • Business logic vulnerabilities often arise because the design and development teams make flawed assumptions about how users will interact with the application. These bad assumptions can lead to inadequate validation of user input. • For example, if the developers assume that users will pass data exclusively via a web browser, the application may rely entirely on weak client-side controls to validate input. These are easily bypassed by an attacker using an intercepting proxy. • this means that when an attacker deviates from the expected user behavior, the application fails to take appropriate steps to prevent this and, subsequently, fails to handle the situation safely. Add a footer 5
FR Add a footer 6 What is the impact of business logic vulnerabilities?  The impact of business logic vulnerabilities can, at times, be fairly trivial. It is a broad category and the impact is highly variable. However, any unintended behavior can potentially lead to high-severity attacks if an attacker is able to manipulate the application in the right way.  The impact of any logic flaw depends on what functionality it is related to. If the flaw is in the authentication mechanism, for example, this could have a serious impact on your overall security.  Flawed logic in financial transactions can obviously lead to massive losses for the business through stolen funds, fraud, and so on.
FR Add a footer 7 How to prevent business logic- vulnerabilities  Make sure developers and testers understand the domain that the application serves  Avoid making implicit assumptions about user behavior or the behavior of other parts of the application
HV Hacker Vlog Thank You. www.asdcybersecurity.in 8107315776 info@asdcybersecurity.in

Recommended

Data Security in Fintech App Development: How PHP Can Help
Data Security in Fintech App Development: How PHP Can HelpData Security in Fintech App Development: How PHP Can Help
Data Security in Fintech App Development: How PHP Can Help
Narola Infotech
 
Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)
Wail Hassan
 
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and ProfitOWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
OWASP Nagpur
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?
Osei Fortune
 
Security testing
Security testingSecurity testing
Security testing
Khizra Sammad
 
CISA (1).pdf
CISA (1).pdfCISA (1).pdf
CISA (1).pdf
Infosec Train
 
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWFREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
infosec train
 
Panama Papers Leak and Precautions Law firms should take
Panama Papers Leak and Precautions Law firms should takePanama Papers Leak and Precautions Law firms should take
Panama Papers Leak and Precautions Law firms should take
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 

Recommended

Data Security in Fintech App Development: How PHP Can Help
Data Security in Fintech App Development: How PHP Can HelpData Security in Fintech App Development: How PHP Can Help
Data Security in Fintech App Development: How PHP Can Help
Narola Infotech
 
Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)
Wail Hassan
 
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and ProfitOWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
OWASP Nagpur
 
How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?How Can I Reduce The Risk Of A Cyber-Attack?
How Can I Reduce The Risk Of A Cyber-Attack?
Osei Fortune
 
Security testing
Security testingSecurity testing
Security testing
Khizra Sammad
 
CISA (1).pdf
CISA (1).pdfCISA (1).pdf
CISA (1).pdf
Infosec Train
 
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEWFREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
FREQUENTLY ASKED QUESTIONS IN CISA CERTIFIED ROL INTERVIEW
infosec train
 
Panama Papers Leak and Precautions Law firms should take
Panama Papers Leak and Precautions Law firms should takePanama Papers Leak and Precautions Law firms should take
Panama Papers Leak and Precautions Law firms should take
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Panama-Paper-Leak
Panama-Paper-LeakPanama-Paper-Leak
Panama-Paper-Leak
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
DrBasemMohamedElomda
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
Michael Hidalgo
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
 
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
Varun Mithran
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
The Importance of Security Testing in Web Applications.docx
The Importance of Security Testing in Web Applications.docxThe Importance of Security Testing in Web Applications.docx
The Importance of Security Testing in Web Applications.docx
QACraft
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Berezha Security Group
 
Software Myths
Software MythsSoftware Myths
Software Myths
Rajat Bajaj
 
Top Application Security Threats
Top Application Security Threats Top Application Security Threats
Top Application Security Threats
ColumnInformationSecurity
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays
 
Security Design Considerations In Robotic Process Automation.docx
Security Design Considerations In Robotic Process Automation.docxSecurity Design Considerations In Robotic Process Automation.docx
Security Design Considerations In Robotic Process Automation.docx
Sridevi Kakolu
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities List
Vamsi K
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should Know
Narola Infotech
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
ONE BCG
 
The challenges of Retail Security
The challenges of Retail SecurityThe challenges of Retail Security
The challenges of Retail Security
IBM Software India
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
Alwin Thayyil
 
mastering_web_testing_how_to_make_the_most_of_frameworks.pdf
mastering_web_testing_how_to_make_the_most_of_frameworks.pdfmastering_web_testing_how_to_make_the_most_of_frameworks.pdf
mastering_web_testing_how_to_make_the_most_of_frameworks.pdf
sarah david
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 

More Related Content

Similar to Business Logic Vulnerabilities.pptx

Panama-Paper-Leak
Panama-Paper-LeakPanama-Paper-Leak
Panama-Paper-Leak
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
DrBasemMohamedElomda
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
Michael Hidalgo
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
 
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
Varun Mithran
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Netsparker
 
The Importance of Security Testing in Web Applications.docx
The Importance of Security Testing in Web Applications.docxThe Importance of Security Testing in Web Applications.docx
The Importance of Security Testing in Web Applications.docx
QACraft
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Berezha Security Group
 
Software Myths
Software MythsSoftware Myths
Software Myths
Rajat Bajaj
 
Top Application Security Threats
Top Application Security Threats Top Application Security Threats
Top Application Security Threats
ColumnInformationSecurity
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays
 
Security Design Considerations In Robotic Process Automation.docx
Security Design Considerations In Robotic Process Automation.docxSecurity Design Considerations In Robotic Process Automation.docx
Security Design Considerations In Robotic Process Automation.docx
Sridevi Kakolu
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities List
Vamsi K
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should Know
Narola Infotech
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
ONE BCG
 
The challenges of Retail Security
The challenges of Retail SecurityThe challenges of Retail Security
The challenges of Retail Security
IBM Software India
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
Alwin Thayyil
 
mastering_web_testing_how_to_make_the_most_of_frameworks.pdf
mastering_web_testing_how_to_make_the_most_of_frameworks.pdfmastering_web_testing_how_to_make_the_most_of_frameworks.pdf
mastering_web_testing_how_to_make_the_most_of_frameworks.pdf
sarah david
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 

Similar to Business Logic Vulnerabilities.pptx (20)

Panama-Paper-Leak
Panama-Paper-LeakPanama-Paper-Leak
Panama-Paper-Leak
 
Security Design Principles.ppt
Security Design Principles.ppt Security Design Principles.ppt
Security Design Principles.ppt
 
Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...Application Security Testing for Software Engineers: An approach to build sof...
Application Security Testing for Software Engineers: An approach to build sof...
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
SOC Analyst Guide For Beginners SOC analysts work as members of a managed sec...
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
The Importance of Security Testing in Web Applications.docx
The Importance of Security Testing in Web Applications.docxThe Importance of Security Testing in Web Applications.docx
The Importance of Security Testing in Web Applications.docx
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
 
Software Myths
Software MythsSoftware Myths
Software Myths
 
Top Application Security Threats
Top Application Security Threats Top Application Security Threats
Top Application Security Threats
 
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
apidays LIVE India - 10 steps to secure your API by Pabitra Kumar Sahoo, Qual...
 
Security Design Considerations In Robotic Process Automation.docx
Security Design Considerations In Robotic Process Automation.docxSecurity Design Considerations In Robotic Process Automation.docx
Security Design Considerations In Robotic Process Automation.docx
 
Owasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities ListOwasp Top 10 Vulnerabilities List
Owasp Top 10 Vulnerabilities List
 
Web Application Security - Everything You Should Know
Web Application Security - Everything You Should KnowWeb Application Security - Everything You Should Know
Web Application Security - Everything You Should Know
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
 
The challenges of Retail Security
The challenges of Retail SecurityThe challenges of Retail Security
The challenges of Retail Security
 
Security Testing Training With Examples
Security Testing Training With ExamplesSecurity Testing Training With Examples
Security Testing Training With Examples
 
mastering_web_testing_how_to_make_the_most_of_frameworks.pdf
mastering_web_testing_how_to_make_the_most_of_frameworks.pdfmastering_web_testing_how_to_make_the_most_of_frameworks.pdf
mastering_web_testing_how_to_make_the_most_of_frameworks.pdf
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 

Recently uploaded

Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
WaniBasim
 
ZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptxZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptx
dot55audits
 
BBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview TrainingBBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
Katrina Pritchard
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
haiqairshad
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
Dr. Mulla Adam Ali
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
EduSkills OECD
 
Solutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptxSolutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptx
spdendr
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
TechSoup
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
ssuser13ffe4
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Excellence Foundation for South Sudan
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
History of Stoke Newington
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
GeorgeMilliken2
 

Recently uploaded (20)

Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
Liberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdfLiberal Approach to the Study of Indian Politics.pdf
Liberal Approach to the Study of Indian Politics.pdf
 
ZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptxZK on Polkadot zero knowledge proofs - sub0.pptx
ZK on Polkadot zero knowledge proofs - sub0.pptx
 
BBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview TrainingBBR 2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skillsspot a liar (Haiqa 146).pptx Technical writhing and presentation skills
spot a liar (Haiqa 146).pptx Technical writhing and presentation skills
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
 
Solutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptxSolutons Maths Escape Room Spatial .pptx
Solutons Maths Escape Room Spatial .pptx
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
math operations ued in python and all used
math operations ued in python and all usedmath operations ued in python and all used
math operations ued in python and all used
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
Your Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective UpskillingYour Skill Boost Masterclass: Strategies for Effective Upskilling
Your Skill Boost Masterclass: Strategies for Effective Upskilling
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
 

Business Logic Vulnerabilities.pptx

  • 2. HV Hacker Vlog Hacker Vlog - A S D A c a d e m y i s o n e o f t h e b e s t a c a d e m y w h i c h g i v e s 1 0 0 % p r a c t i c a l c o u r s e i n f i e l d o f C y b e r S e c u r i t y & C o d i n g … . .
  • 3. Business Logic Vulnerabilities Add a footer 3 • Logic flaws are often invisible to people who aren't explicitly looking for them as they typically won't be exposed by normal use of the application. • Flaws in the logic can allow attackers to circumvent these rules. For example, they might be able to complete a transaction without going through the intended purchase workflow. • Business logic vulnerabilities are flaws in the design and implementation of an application that allow an attacker to elicit unintended behavior. This potentially enables attackers to manipulate legitimate functionality to achieve a malicious goal.
  • 4.
  • 5. FR How do business logic vulnerabilities arise? • Business logic vulnerabilities often arise because the design and development teams make flawed assumptions about how users will interact with the application. These bad assumptions can lead to inadequate validation of user input. • For example, if the developers assume that users will pass data exclusively via a web browser, the application may rely entirely on weak client-side controls to validate input. These are easily bypassed by an attacker using an intercepting proxy. • this means that when an attacker deviates from the expected user behavior, the application fails to take appropriate steps to prevent this and, subsequently, fails to handle the situation safely. Add a footer 5
  • 6. FR Add a footer 6 What is the impact of business logic vulnerabilities?  The impact of business logic vulnerabilities can, at times, be fairly trivial. It is a broad category and the impact is highly variable. However, any unintended behavior can potentially lead to high-severity attacks if an attacker is able to manipulate the application in the right way.  The impact of any logic flaw depends on what functionality it is related to. If the flaw is in the authentication mechanism, for example, this could have a serious impact on your overall security.  Flawed logic in financial transactions can obviously lead to massive losses for the business through stolen funds, fraud, and so on.
  • 7. FR Add a footer 7 How to prevent business logic- vulnerabilities  Make sure developers and testers understand the domain that the application serves  Avoid making implicit assumptions about user behavior or the behavior of other parts of the application