Business Logic Vulnerabilities
Introduction
Course Introduction (2:07)
Course Slides and Scripts
Getting Help
Answering Your Questions (3:11)
Join the Discord Server
Business Logic Vulnerabilities - Technical Deep Dive
Agenda (0:35)
What is a Business Logic Vulnerability (10:54)
How to Find & Exploit Business Logic Vulnerabilities (3:06)
How to Prevent Business Logic Vulnerabilities (1:53)
Additional Resources (0:35)
Lab Environment Setup
Lab Environment Setup (7:21)
Step-by-Step Guide
Hands-On Business Logic Vulnerabilities Labs
Lab #1 Excessive trust in client-side controls (24:40)
Lab #2 High-level logic vulnerability (25:55)
Lab #3 Inconsistent security controls (6:34)
Lab #4 Flawed enforcement of business rules (29:08)
Lab #5 Low-level logic flaw (14:10)
Lab #6 Inconsistent handling of exceptional input (15:20)
Lab #7 Weak isolation on dual-use endpoint (22:32)
Lab #8 Insufficient workflow validation (20:04)
Lab #9 Authentication bypass via flawed state machine (17:59)
Lab #10 Infinite money logic flaw (41:17)
Lab #11 Authentication bypass via encryption oracle (18:47)
Thank You!
Thank You!
Lab #9 Authentication bypass via flawed state machine
Lesson content locked