Web applications are sometimes designed on flawed assumptions about how business logic should work. Using the application in unintended ways may expose significant security vulnerabilities with a critical business impact. In this course, Web Application Penetration Testing: Business Logic Testing, you'll learn to assess business logic flaws in modern web applications. First, you'll explore scoping and how to get the relevant business logic context of the application. Next, you'll discover how to exploit business logic flaws based on the OWASP WSTG. Finally, you'll learn how to identify and advise on bad design practices. When you're finished with this course, you'll have the skills and knowledge of business logic testing needed to assess the security of web applications.
Cristian is an Information Security Professional with experience in supply chain, manufacturing, gaming, and entertainment sectors for Fortune 500 companies. He has provided expertise in incident response cases by performing forensic investigations, malware analysis, and elaborating mitigation plans against complex cyber attacks.
Course Overview
Hi everyone. My name is Cristian Pascariu, and welcome to my course, Web Application Penetration Testing: Business Logic Testing. I am an information security professional, and I look forward to sharing with you some great insights about application security. Business logic is unique to each application and, therefore, automated security tools have a low efficiency at detecting business logic vulnerabilities. This presents a great opportunity for us as penetration testers to assess business logic, identify vulnerabilities, and prevent any potential business impact. In this course, we're going to identify business logic vulnerabilities based on flaws in the design and implementation of web applications. Some of the major topics that we'll cover include exploiting weak data validation, circumventing business workflows, and identifying file upload vulnerabilities, and we'll leverage the OWASP Web Security Testing Guide as a blueprint to cover the major categories of business logic testing. By the end of this course, you'll know how to identify, assess, and exploit logic flaws during web application penetration testing engagements. Before beginning this course, you should be familiar with some of the basic concepts of web application security. I hope you'll join me on this journey to learn business logic testing with the Web Application Penetration Testing: Business Logic Testing course, at Pluralsight.