The talk encourages a fresh look at how to approach the search for business logic vulnerabilities. This is significant because there is no standard methodology for finding logic vulnerabilities: the approach depends on the type of application being tested and on its varied functionality. Any given functionality should be examined for ways it can be used to perform an action that is not expected. Pentesters/security auditors can use the information gathered to visualize the logical vulnerabilities that may exist in the application during testing. A security audit/assessment that includes these logical vulnerabilities adds value for the application owner’s organization, as these vulnerabilities would not have been detected by any tool, by basic pentesting (based only on OWASP Top 10 or WASC Classification), and/or by scanners. Slides: https://prezi.com/view/lDOezKMJ0d3U2iiztogg/