The survey was administered by Applied Research onsite at Black Hat and the initial data collected reflects responses from attendees. The Black Hat convention was attended mostly by IT managers and independent researchers; mostly in the high tech industry within North America.
The Importance of Logic and Critical Thinking
Cognitive Ability and Vulnerability to Fake News - Scientific American
Web application vulnerabilities can be split into two distinct categories: logical vulnerabilities and technical vulnerabilities. This post explains the main differences between them. The main difference between the two categories is how they are exploited. Typically, to exploit a technical vulnerability, the attacker takes advantage of a coding mistake, such as a lack of sanitization that allows them to inject malicious code. To exploit a logical vulnerability, the attacker has to find a flaw in the way the web application makes decisions (the logic part); for example, the web application fails to check a user's permissions. Therefore, technical vulnerabilities can be easily detected with an automated web application security scanner, but logical vulnerabilities cannot.
Humans make a lot of decisions each day, whether we are aware of them or not. Research shows that people make approximately decisions about food every single day 1. Although we may believe our decisions are rational, cognitive scientists argue that we are far less objective than we think.
Business logic vulnerabilities are relatively specific to the context in which they occur. However, although individual instances of logic flaws differ hugely, they can share many common themes. In particular, they can be loosely grouped based on the initial mistakes that introduced the vulnerability in the first place. In this section, we'll look at examples of some typical mistakes that design and development teams make and show you how they can directly lead to business logic flaws. Whether you're developing your own applications, or auditing existing ones, you can take the lessons learned from these examples and apply the same critical thinking to other applications that you encounter.