BLST focuses on business logic attacks to provide more information, higher impact, and a smoother working experience.
In contrast to common attacks such as SQLi and XSS, each logic attack is usually unique, since it has to exploit a function or feature that is specific to the application.
Here's an example of a logic attack:
An online store offers a big discount if you purchase 10 of the same item.
- First, an attacker adds 10 items to the cart and the discount gets applied.
- Then, the attacker removes 9 of those items from the cart.
- And finally, since the system hasn't checked whether there are still enough items in the cart, the attacker buys only 1 item and still gets the discount.
While this example seems simple and easy to guard against, many developers forget to implement sanity checks like this in many places. And, of course, there are much more complicated logic attacks out there.
In summary, logic attacks are very common, unique to each application and feature, and very dangerous. Those properties make them very hard to discover using automated tools, but also very important to fix.
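The cart flaw above, as an added example that is not BLST's code: a cart that records the discount when the threshold is crossed and never re-checks it, beside a hardened cart that derives eligibility from the quantity actually being priced. The catalogue, threshold and discount rate are constructed values.

```python
# Added example (not BLST's code): the page's add-10/remove-9 flaw beside a hardened cart.
from collections import Counter

CATALOGUE = {"widget": 10.00}   # unit prices (constructed)
BULK_QTY = 10                   # buy 10 of one item ...
BULK_DISCOUNT = 0.50            # ... and get 50% off that line (constructed)

class Cart:
    def __init__(self):
        self.items = Counter()

    def add(self, sku, qty=1):
        self.items[sku] += qty

    def remove(self, sku, qty=1):
        self.items[sku] = max(0, self.items[sku] - qty)

    def line_price(self, sku, qty):
        rate = 1 - BULK_DISCOUNT if self.eligible(sku, qty) else 1
        return CATALOGUE[sku] * qty * rate

    def total(self):
        return round(sum(self.line_price(s, q) for s, q in self.items.items()), 2)

class VulnerableCart(Cart):
    # Discount is granted when the threshold is crossed and never re-checked.
    def __init__(self):
        super().__init__()
        self.discounted = set()   # persisted discount state: the bug

    def add(self, sku, qty=1):
        super().add(sku, qty)
        if self.items[sku] >= BULK_QTY:
            self.discounted.add(sku)   # granted here, never revoked by remove()

    def eligible(self, sku, qty):
        return sku in self.discounted

class HardenedCart(Cart):
    # Eligibility is derived from the quantity actually being bought, at pricing time.
    def eligible(self, sku, qty):
        return qty >= BULK_QTY

def run_scenario(cart_cls):
    # The sequence from the page: add 10, remove 9, price the one remaining item.
    cart = cart_cls()
    cart.add("widget", 10)
    cart.remove("widget", 9)
    return cart.total()
```

With the vulnerable cart the single remaining widget is priced at 5.00; the hardened cart prices it at the full 10.00 and still gives the discount when 10 are actually bought.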
How we’re different
- BLST’s application-centric algorithms identify patterns and logic attacks in real time, helping service providers to adjust their operations and react quickly to changing demand.
- Our agnostic algorithm is unique in the way it learns from traffic. Our Artificial Penetration Tester product simulates attacks on the application and then learns from the results, enabling it to work with any kind of web application.
- We combine a number of different methodology products into one, saving the company time and effort.