CHAPTER 6 – Logic Attacks

Publisher Summary Vulnerabilities in the business logic of a Web site are difficult to identify proactively. Automated scanners and source-code analysis tools have a syntactic understanding of the site. These tools have some degree of semantic understanding of pieces of the site, such as data that will be rendered within the HTML or data that will be part of a Structured Query Language (SQL) statement. None of the tools can gain a holistic understanding of the Web site. The workflows of a Web-based e-mail program are different from an online auction site. Workflows are even different within types of applications; one e-mail site has different features and different implementation of those features than another e-mail site. Logic-based attacks target workflows specific to the Web application. The attacker searches for loopholes in features and policies within the Web site. The exploits are also difficult to detect because they rarely use malicious characters or payloads that appear out of the ordinary. Logic-based vulnerabilities require analysis specific to each Web application and workflow. This makes them difficult to discover proactively but doesn't lessen their risk.