Business Logic Vulnerability Router

v20260506
business-logic-vuln
This router guides the testing of systemic flaws in business processes and state machines. It is essential when vulnerabilities stem from workflow abuse, race conditions, pricing flaws, or multi-step state attacks, rather than simple input sanitization issues. Use it to test complex business flows like payments, inventory management, and approval sequences.
Overview

Business Logic Router

This is the routing entry point for business-logic and state-machine issues.

When to Use

  • The target involves coupons, inventory, payment, approvals, quotas, invites, trials, or state transitions
  • The issue is not parser-level; it is about when checks happen and which business conditions are checked
  • You suspect race conditions, workflow bypass, price tampering, negative values, stacked discounts, or multi-step flaws

Skill Map

Recommended Flow

  1. First map key business states and one-time actions
  2. Then check for check-then-act windows, sequence dependencies, or missing cross-step authorization
  3. If the chain depends on APIs, uploads, or object permissions, return to the corresponding router skill to complete the path
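
The check-then-act window from step 2, as an added example that is not part of the skill itself: a deterministic replay of two redemption requests against a single-use coupon, first with the check and the state change as separate steps, then with the check folded into one conditional UPDATE. The table names, coupon code and request ids are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory store holding one constructed single-use coupon."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coupons (code TEXT PRIMARY KEY, state TEXT NOT NULL)")
    db.execute("CREATE TABLE credits (request_id TEXT, code TEXT)")
    db.execute("INSERT INTO coupons VALUES ('WELCOME10', 'ISSUED')")
    return db

# Check-then-act: the business check and the state transition are separate steps.
def check(db, code):
    row = db.execute("SELECT state FROM coupons WHERE code = ?", (code,)).fetchone()
    return row is not None and row[0] == "ISSUED"

def act(db, code, request_id):
    db.execute("UPDATE coupons SET state = 'REDEEMED' WHERE code = ?", (code,))
    db.execute("INSERT INTO credits VALUES (?, ?)", (request_id, code))

def redeem_atomic(db, code, request_id):
    """Check and transition in one conditional UPDATE, so only one caller can win."""
    cur = db.execute(
        "UPDATE coupons SET state = 'REDEEMED' WHERE code = ? AND state = 'ISSUED'",
        (code,))
    if cur.rowcount != 1:  # coupon missing or already redeemed
        return False
    db.execute("INSERT INTO credits VALUES (?, ?)", (request_id, code))
    return True

def credits_granted(db):
    return db.execute("SELECT COUNT(*) FROM credits").fetchone()[0]

def replay_interleaved_check_then_act():
    """Replay two requests whose checks both complete before either act runs."""
    db = make_db()
    passed = [rid for rid in ("req-A", "req-B") if check(db, "WELCOME10")]
    for rid in passed:
        act(db, "WELCOME10", rid)
    return credits_granted(db)

def replay_atomic():
    """Same two requests through the conditional UPDATE."""
    db = make_db()
    results = [redeem_atomic(db, "WELCOME10", rid) for rid in ("req-A", "req-B")]
    return results, credits_granted(db)

if __name__ == "__main__":
    print("check-then-act credits:", replay_interleaved_check_then_act())
    print("atomic results, credits:", replay_atomic())
```

The one-time action is safe only when the state check is part of the same statement (or the same serialized transaction) that performs the transition.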

Info
Category Development
Name business-logic-vuln
Version v20260506
Size 1.21KB
Updated At 2026-05-08