CWE-840
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Business Logic Errors
Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.
Listes des membres CWE
Informations du CWE
Notes de cartographie des vulnérabilités
Justification : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.Commentaire : See member weaknesses of this category.
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.12 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description, Observed_Examples, References, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Terminology_Notes | |
| CWE Content Team | MITRE | updated Mapping_Notes, References, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
Références
REF-795
Business Logic Flaws and Yahoo GamesJeremiah Grossman.
https://blog.jeremiahgrossman.com/2006/12/business-logic-flaws.html
REF-796
Seven Business Logic Flaws That Put Your Website At RiskJeremiah Grossman.
https://docplayer.net/10021793-Seven-business-logic-flaws-that-put-your-website-at-risk.html
REF-797
Business Logic FlawsWhiteHat Security.
https://web.archive.org/web/20080720171327/http://www.whitehatsec.com/home/solutions/BL_auction.html
REF-798
Abuse of FunctionalityWASC.
http://projects.webappsec.org/w/page/13246913/Abuse-of-Functionality
REF-799
Defying Logic: Theory, Design, and Implementation of Complex Systems for Testing Application LogicRafal Los, Prajakta Jagdale.
https://www.slideshare.net/RafalLos/defying-logic-business-logic-testing-with-automation
REF-667
Real-Life Example of a 'Business Logic Defect' (Screen Shots!)Rafal Los.
http://h30501.www3.hp.com/t5/Following-the-White-Rabbit-A/Real-Life-Example-of-a-Business-Logic-Defect-Screen-Shots/ba-p/22581
REF-801
Toward Automated Detection of Logic Vulnerabilities in Web ApplicationsViktoria Felmetsger, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna.
https://www.usenix.org/legacy/events/sec10/tech/full_papers/Felmetsger.pdf
REF-802
Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce SystemsFaisal Nabi.
http://ijns.femto.com.tw/contents/ijns-v12-n1/ijns-2011-v12-n1-p29-41.pdf
REF-1102
Case Files from 20 Years of Business Logic FlawsChetan Conikee.
https://published-prd.lanyonevents.com/published/rsaus20/sessionsFiles/18217/2020_USA20_DSO-R02_01_Case%20Files%20from%2020%20Years%20of%20Business%20Logic%20Flaws.pdf
2025©
tesweb SA
