January 20, 2010
Combating Business Logic Attacks

Imperva has released a new glossary term: Business Logic Attacks.

A Business Logic Attack (BLA) is an attack that targets the logic of a business application. The business application may be an online clothing shop, an online ticketing service for a theater, or even an Internet poll. Unlike “traditional” technical application attacks such as XSS or SQL Injection, business logic attacks do not contain malformed requests and use legitimate input values, which makes this sort of attack difficult to detect. Furthermore, BLAs abuse the functionality of the application, attacking the business directly. A BLA is further enhanced when combined with automation, where botnets are used to challenge the business application. These automated attackers are called Business Logic Bots (BLBs).



Comments

Acronym suggestion: Instead of BLBs (business logic bots), what about BLABs for Business Logic Attack Bots?
