Business Logic Abuse Wikipedia Article
There’s an article on Wikipedia on business logic abuse. I’ve heard differing views on Wikipedia – some say it is a super handy reference while others think that encyclopedia articles written by the masses are unreliable at best.
The thing that’s great about Wikipedia is that it lets lots of people contribute to crafting a comprehensive article. So – if you have thoughts on how business logic abuse should be defined, or examples, or references, I’d encourage you to contribute your part.
3 Comments »
I recently picked up a 1976 book about Computer Crime. Written by a Joe Friday sort of character, it shows that most of the nonsense we’re dealing with today is not at all new. From physical attacks on computers, stealing files from timesharing computers, privacy issues, and the use of computers to support fraudulent activities, it’s enjoyable and enlightening. See Crime By Computer (Donn B. Parker)
Agree – the internet is just another means to commit crimes.
Your comment made me think of other old crimes, especially the “con”. Look up “confidence game” (http://en.wikipedia.org/wiki/Confidence_trick) and you find similar terms used in describing “business logic abuse” (exploit weaknesses, vulnerability, using legitimate transactions, social engineering, etc). Is the con just attacking the legitimate human logic?
[...] and business logic flaws) to commit online fraud. It’s getting a lot of recognition, from Wikipedia articles (as highlighted in a recent post) to Black Hat presentations like the one from Jeremiah Grossman at [...]