Business logic and workflow abuse assessment for state-machine manipulation, race conditions, replay, quota abuse, order-of-operations flaws, delegated execution abuse, and unauthorized state transitions. Hands off to recon, input/protocol, exploit, or reporting workflows when those become the owner phase.
Business logic and workflow abuse assessment for state-machine manipulation, race conditions, replay, quota abuse, order-of-operations flaws, delegated execution abuse, and unauthorized state transitions. Hands off to recon, input/protocol, exploit, or reporting workflows when those become the owner phase.
Business Logic Abuse
Use When
The main question is workflow bypass, race condition, replay, quota abuse, confused deputy behavior, or unauthorized state transition.
A mapped workflow has meaningful business impact if steps are reordered, skipped, repeated, or delegated.
Handoff Criteria
Hand off to pentest-web-application-logic-mapper when the workflow is not mapped well enough to test.
Hand off to pentest-input-protocol-manipulation when parser or payload behavior becomes the main blocker.
Hand off to pentest-exploit-execution-payload-control only after a deterministic business-logic primitive exists.