Business Logic Abuse – a recognized threat
The eFraudNetwork published a survey last week as part of the RSA conference. The purpose of the survey was to “…try and understand how online fraud and data breaches are impacting multiple industries and organizations.”
The survey covered many topics including data breaches, cross-industry information sharing, the Heartland breach, and spending to prevent fraud.
One the topics near and dear to my heart was the question that asked about attack types. The answers to this question showed that malware and viruses are at the top of people’s minds – which was to be expected. What I didn’t expect, though, was the percent of people who said that they have seen attacks against the business logic of their website.
Almost 20% of people said they had seen attacks against the business logic of their site. While this may seem like a small number to some of you, it is bigger than I was expecting. Attacks against business logic have been going on for years, but it has only been in the last year or so that the industry is recognizing them for what they are and taking notice of them.
I was thrilled to see that 20% of people understand that it is the business logic of their website that is allowing attacks. I’ll be very curious to see how this number changes when the eFN does a similar study next year, especially since it was made clear in the study that business logic attacks are one of the most dangerous attacks against a website.
Is anyone else surprised the number is so high?
1 Comment »
Leave a comment
About
Silver Tail is leading the fight against business logic abuse with 3rd generation fraud prevention.
Hackers are no longer high school kids trying to one-up their friends or criminals trying to just break-in to sites. Instead, today’s sophisticated hacker is organized crime, strategically targeting websites, stealing billions of dollars from companies and their customers. Vendors providing web application security and intrusion prevention have forced hackers to become much more innovative in their means of attacking websites. These hackers now target the legitimate business logic of websites to perpetrate their fraud, including hijack threats, velocity attacks and gaming schemes. Silver Tail is using the deep domain expertise of its team to provide software that combat business logic abuse in real-time.
Silver Tail was founded by a team of fraud prevention experts who built anti-fraud and anti-phishing tools at eBay and PayPal. Through their experience and proprietary algorithms, they have built a system that is scalable, minimizes false positive rates, and is extremely flexible to adapt to changing attack vectors.
Feedburner
RSS Feed
-
Archives
- January 2010 (1)
- December 2009 (6)
- November 2009 (7)
- October 2009 (8)
- September 2009 (7)
- August 2009 (8)
- July 2009 (7)
- June 2009 (6)
- May 2009 (6)
- April 2009 (14)
- March 2009 (8)
- February 2009 (5)
-
Categories
- behavior analysis
- business logic abuse
- Business Logic Flaw
- Business Process Abuse
- Compliance
- Cost of fraud
- Data Loss
- Detection
- education
- Fraud
- Gaming
- General
- information security
- Investigation
- Man-in-the-Browser
- Online Fraud
- Payment
- Phishing
- Prevention
- risk management
- Social engineering
- Social Networks
- Trust
- Uncategorized
- web logic abuse
- Zeus
-
RSS
Entries RSS
Comments RSS
i would say the percentage is high. also it is true that these kind of attacks are increasing day-by-day in this internet world.
-Mr.Ven