Web Application Penetration Testing: Business Logic Testing
Business logic flaws are context specific and very hard for automated tools to discover. This course will teach you how to identify and exploit business logic vulnerabilities.
Web applications are sometimes designed based on flawed assumptions about how business logic should work. Using the application in unintended ways may then result in serious security vulnerabilities with a critical business impact. In this course, Web Application Penetration Testing: Business Logic Testing, you’ll learn to assess business logic flaws in modern web applications. First, you’ll explore scoping, and how to get the relevant business logic context of the application. Next, you’ll discover how to exploit business logic flaws based on the OWASP WSTG. Finally, you’ll learn how to identify and advise on bad design practices. When you’re finished with this course, you’ll have the skills and knowledge of business logic testing needed to assess the security of web applications.
Author Name: Cristian Pascariu
Author Description:
Cristian took part in auditing and implementation of infosec capabilities to uplift security posture. He managed codification efforts to extract indicators of compromise and created rules in the scope of defending against new emerging threats. He has also developed tools and scripts to overcome security gaps within the corporate network. Cristian has mentored L1 and L2 analysts to increase triage efficiency and combat new threats. He has experience in the field of Application Security and has pr…
Table of Contents
- Course Overview (1min)
- Defining Business Logic Testing (16mins)
- Exploiting Weak Data Validation (16mins)
- Attacking Business Workflows (10mins)
- Testing File Upload Mechanisms (19mins)