BLST focuses on business logic attacks, providing more information, higher impact, and a more comfortable workflow.
In contrast to common attacks such as SQLi and XSS, each logic attack is usually unique, since it has to exploit a function or feature that is specific to the application being attacked.
Here's an example of a logic attack:
An online store offers a big discount if you purchase 10 units of the same item.
- First, an attacker adds 10 items to the cart and the discount gets applied.
- Then, the attacker removes 9 of those items from the cart.
- Finally, since the system hasn't checked if there are still enough items in the cart, the attacker buys only 1 item and still gets the discount.
While this example seems simple and easy to prevent, many developers forget to implement sanity checks like this in many places. This is only a simple example; far more complicated logic attacks exist.
To summarize, logic attacks are very common, unique to each application and feature, and very dangerous. Those properties make them very hard to discover using automated tools, but also very important to fix.
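The cart sequence above, as an added example (not BLST's code): a flawed cart that applies the discount once when items are added and never revisits it, beside a hardened cart that derives the discount from the final quantity at checkout. Unit price, discount rate and the checkout validator are constructed for illustration.

```python
# Added example, not code from BLST. Prices and discount rate are constructed.
from dataclasses import dataclass

BULK_QTY = 10          # units of one item needed to earn the discount
BULK_DISCOUNT = 0.30   # 30% off (constructed value)
UNIT_PRICE = 20.00     # constructed value


@dataclass
class FlawedCart:
    """Applies the discount at add time and never re-checks it."""
    qty: int = 0
    discount: float = 0.0

    def add(self, n: int) -> None:
        self.qty += n
        if self.qty >= BULK_QTY:
            self.discount = BULK_DISCOUNT   # sticky: survives later removals

    def remove(self, n: int) -> None:
        self.qty = max(0, self.qty - n)     # bug: discount is not revisited

    def total(self) -> float:
        return round(self.qty * UNIT_PRICE * (1 - self.discount), 2)


@dataclass
class HardenedCart:
    """Recomputes the discount from the final quantity at checkout."""
    qty: int = 0

    def add(self, n: int) -> None:
        self.qty += n

    def remove(self, n: int) -> None:
        self.qty = max(0, self.qty - n)

    def total(self) -> float:
        discount = BULK_DISCOUNT if self.qty >= BULK_QTY else 0.0
        return round(self.qty * UNIT_PRICE * (1 - discount), 2)


def validate_order(qty: int, claimed_discount: float) -> bool:
    """Server-side check: a claimed discount must match the final quantity."""
    expected = BULK_DISCOUNT if qty >= BULK_QTY else 0.0
    return abs(claimed_discount - expected) < 1e-9


def replay(cart):
    """The add-10 / remove-9 / buy-1 sequence from the text."""
    cart.add(10)
    cart.remove(9)
    return cart.total()
```

Running `replay` against both carts shows the flawed cart charging the discounted price for a single unit while the hardened cart charges full price; `validate_order` is the kind of checkout-time sanity check the text says is often missing.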
How we’re different
- BLST’s application-centric algorithms identify patterns and logic attacks in real time, helping service providers adjust their operations and react quickly to changing demand.
- Our application-agnostic algorithm is unique in how it learns the traffic. Our Artificial Penetration Tester product simulates attacks on the application and then learns from the results, which enables it to work with any kind of web application.
- We combine a number of different methodologies into one product, saving the company time and effort.