Application logic, or business logic, comprises the steps that must be performed in order to carry out a certain action successfully. It is not the biggest function of a particular web server. Rather, it denotes the specific tasks that make up the application's functionality, such as postage pricing rules and product discounts.
Application logic applies, for example, to the function of an online shopping website in which a customer adds a desired product to the online basket. Afterwards, the website presents an online form asking the customer for private information such as name, address, and payment details. The form must be filled out in order to complete the purchase.
An attack on application logic works by finding a way around the expected order of functions set up within the features of a particular application. The targets of this attack are commonly websites. However, the users of the website, together with their private data, may also be targeted by criminals.
An application logic attack is one of a kind because it requires exploiting a function that is exclusive to the application being targeted. In this kind of web attack, it is not the code that is affected but a hole in the logic itself. Hence, it is harder for automated vulnerability testing tools to identify the occurrence of such attacks on a website.
Providing a website's application with satisfactory process validation is one of the ways to help fight off widespread application logic attacks. Web developers today fail to provide adequate flow control, which is why attackers find it easier to carry out their plans against an application.
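One way to implement process validation for the shopping flow described above, as an added example that is not code from the original page: the server records which steps a session has completed and rejects any request that arrives out of order. The step names, `CheckoutSession` and `FlowError` are hypothetical, and the rule that a basket change requires the form to be submitted again is an assumption.

```python
from dataclasses import dataclass, field

# Each step names the step that must already be complete before it may run.
REQUIRED_BEFORE = {
    "add_to_basket": None,
    "submit_details": "add_to_basket",
    "confirm_purchase": "submit_details",
}
REQUIRED_FIELDS = ("name", "address", "payment")

class FlowError(Exception):
    """Raised when a request arrives outside the expected order of steps."""

@dataclass
class CheckoutSession:
    # State is held on the server, never taken from the client's request.
    completed: set = field(default_factory=set)
    basket: list = field(default_factory=list)
    details: dict = field(default_factory=dict)

    def _enter(self, step):
        prerequisite = REQUIRED_BEFORE[step]
        if prerequisite is not None and prerequisite not in self.completed:
            raise FlowError(f"{step} requested before {prerequisite}")

    def add_to_basket(self, product):
        self._enter("add_to_basket")
        self.basket.append(product)
        self.completed.add("add_to_basket")
        # Assumption: a changed basket invalidates details validated earlier.
        self.completed.discard("submit_details")

    def submit_details(self, form):
        self._enter("submit_details")
        missing = [name for name in REQUIRED_FIELDS if not form.get(name)]
        if missing:
            raise FlowError(f"form incomplete: {missing}")
        self.details = dict(form)
        self.completed.add("submit_details")

    def confirm_purchase(self):
        self._enter("confirm_purchase")
        order = {"items": list(self.basket), "ship_to": self.details["address"]}
        # Reset so one validated flow yields exactly one order.
        self.completed.clear()
        self.basket = []
        return order
```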