Rafal Los is an old friend but first time contributor to EH-Net. Hope you enjoy this article. As always please let us know what you think or if you'd like Raf to pen any other articles.
Permanent link: [Article]-The Logic Behind Application Logic Defects
Rafal Los, Security Strategist for HP Software, Down the Security Rabbithole Podcast
It’s no secret that web applications are at the center of the ongoing conflict between malicious hackers and those defending the applications. As more and more critical business functions migrate to an Internet presence, web applications play an extremely vital role in business. Hackers know this well and have been exploiting weaknesses in web applications at an alarmingly high rate.
While age-old issues like SQL Injection and authentication weaknesses continue to plague developers, there is another class of security defects that has been flying under the radar. Web application logic defects are not new. In fact, the topic has been covered at great length by various academic and research organizations. But unfortunately, this class of issues has not received enough attention due to the prevalence of much simpler attack vectors. While hackers may not be exploiting this class of defects in high volume, they are nevertheless extremely effective and stealthy.