Business Logic Flaws – Still Impossible to Detect Automatically?
There has been a lot of discussion about business logic flaws on blogs and elsewhere lately. Jeremiah Grossman’s article “The Seven Business Logic Flaws that Put Your Website At Risk” gets referenced quite often.
Even a recent announcement by SANS talks about how difficult it can be to automatically detect business logic flaws.
But isn’t it true that the traffic on a website could show you these flaws? When criminals are able to exploit certain issues with business logic, their traffic on the website is going to look different from normal traffic. So using technology like the behavior analytics in Silver Tail Systems’ Forensics solution is one way to detect these business logic flaws without understanding them ahead of time.
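As an added illustration of the idea above (not code from the original post and not how Silver Tail Systems' product works), the sketch below learns page-to-page transition frequencies from sessions assumed to be normal and flags any session containing a step rarer than anything in that baseline. The page names, the sample sessions, the first-order transition model and the threshold rule are all assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data: each session is the ordered pages one visitor requested.
BASELINE = [
    ["/home", "/product", "/cart", "/checkout", "/payment", "/confirm"],
    ["/home", "/search", "/product", "/cart", "/checkout", "/payment", "/confirm"],
    ["/home", "/product", "/product", "/cart", "/checkout", "/payment", "/confirm"],
    ["/home", "/search", "/product", "/home"],
    ["/home", "/product", "/cart", "/product", "/cart", "/checkout", "/payment", "/confirm"],
]
OBSERVED = {
    "s-normal": ["/home", "/search", "/product", "/cart", "/checkout", "/payment", "/confirm"],
    "s-odd": ["/home", "/product", "/cart", "/confirm"],  # reaches /confirm without /payment
}

def train(sessions):
    """Count page-to-page transitions in traffic assumed to be normal."""
    counts, pages = defaultdict(Counter), set()
    for s in sessions:
        pages.update(s)
        for prev, nxt in zip(s, s[1:]):
            counts[prev][nxt] += 1
    return counts, len(pages) + 1  # +1 slot for pages never seen in the baseline

def score(session, model):
    """Return (surprise in bits, step) for the least expected step of a session."""
    counts, vocab = model
    worst = (0.0, None)
    for prev, nxt in zip(session, session[1:]):
        seen = counts.get(prev, Counter())
        p = (seen[nxt] + 1) / (sum(seen.values()) + vocab)  # add-one smoothing
        worst = max(worst, (-math.log2(p), (prev, nxt)), key=lambda t: t[0])
    return worst

def flag(observed, baseline):
    """Flag sessions whose worst step is rarer than anything in the baseline."""
    model = train(baseline)
    threshold = max(score(s, model)[0] for s in baseline)
    flagged = {}
    for sid, session in observed.items():
        bits, step = score(session, model)
        if bits > threshold:
            flagged[sid] = step
    return flagged

if __name__ == "__main__":
    print(flag(OBSERVED, BASELINE))
```

The detector has no rule saying that payment must precede confirmation; the skipped step stands out only because no baseline session ever made that transition, which is the sense in which the flaw is found without being understood ahead of time.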