Hands-On Application Penetration Testing with Burp Suite

Various business logic flaws

Every application has its own logic for getting certain functions done. Business logic is generally the set of steps required to complete a job. Take the example of a user who wants to purchase a product on a shopping site; he has to follow a series of steps:

  1. Select an item
  2. Specify the quantity of the product
  3. Enter delivery information
  4. Enter card details
  5. Complete payment gateway procedures
  6. Purchase complete
  7. Delivery pending
  8. Delivery complete

As you can see, many steps are involved, and this is where an automated scanner fails: it has no notion of which steps must be completed, or in which order, before the next one is allowed.