Requesting Clarifying Definition in the Business Logic Section Header #1869
Comments
Good idea. Here is my first cut of a definition:

Business logic in application security refers to the customized rules and processes that safeguard an application in accordance with its specific requirements or the needs of the business it serves. These rules dictate various aspects such as user interactions, data handling, and system behavior, tailored to suit the unique characteristics of each application, business, or industry.

Some examples of business logic vulnerabilities:

- Business Rule: Products should only be provided to customers after their transactions are successfully verified to prevent loss due to fraud or non-payment.
- Business Rule: High-value transactions above a certain threshold should be manually reviewed to ensure accuracy, legitimacy, and compliance with business policies.
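The two business rules above, as an added example that is not part of this issue thread or of ASVS: an order workflow where "ship only after verified payment" and "manually review orders above a threshold" are enforced as server-side state transitions, placed beside a version that trusts a client-supplied `paid` flag and so lets both rules be bypassed. The threshold value, the order IDs and the `gateway_verified` argument standing in for a payment-gateway callback are assumptions made for the illustration.

```python
"""Added example (not from the ASVS issue thread): two business rules enforced
as an order state machine, beside a version a client can bypass."""
from dataclasses import dataclass
from decimal import Decimal
from enum import Enum


class OrderState(Enum):
    CREATED = "created"            # placed, payment not yet verified
    UNDER_REVIEW = "under_review"  # paid, but above the manual-review threshold
    APPROVED = "approved"          # paid and, where required, reviewed
    SHIPPED = "shipped"


# Assumed threshold for the "high-value transactions are reviewed" rule.
MANUAL_REVIEW_THRESHOLD = Decimal("1000.00")


class BusinessRuleViolation(Exception):
    """Raised when a requested transition would break a business rule."""


@dataclass
class Order:
    order_id: str
    amount: Decimal
    state: OrderState = OrderState.CREATED


# --- Vulnerable: the "paid" fact comes from the client request -------------
def ship_order_vulnerable(order: Order, request: dict) -> bool:
    """Ships whenever the client claims the order is paid. Nothing consults the
    payment gateway or the review threshold, so {"paid": true} in the request
    body bypasses both rules."""
    if request.get("paid"):
        order.state = OrderState.SHIPPED
        return True
    return False


# --- Hardened: every transition is decided from server-held state ----------
def record_payment(order: Order, gateway_verified: bool) -> OrderState:
    """Rule 1: an order leaves CREATED only when the payment gateway (not the
    client) reports success. Rule 2: high-value orders go to manual review."""
    if order.state is not OrderState.CREATED:
        raise BusinessRuleViolation(f"{order.order_id}: payment already recorded")
    if not gateway_verified:
        raise BusinessRuleViolation(f"{order.order_id}: payment not verified")
    if order.amount > MANUAL_REVIEW_THRESHOLD:
        order.state = OrderState.UNDER_REVIEW
    else:
        order.state = OrderState.APPROVED
    return order.state


def approve_review(order: Order, reviewer_id: str) -> OrderState:
    """Only an order that is actually UNDER_REVIEW can be approved, so calling
    this on a CREATED order cannot act as a payment shortcut."""
    if order.state is not OrderState.UNDER_REVIEW:
        raise BusinessRuleViolation(f"{order.order_id}: not awaiting review")
    order.state = OrderState.APPROVED  # a real system would log reviewer_id
    return order.state


def ship_order(order: Order) -> OrderState:
    """Shipping is reachable only from APPROVED, so both rules hold by
    construction rather than by a flag the caller can set."""
    if order.state is not OrderState.APPROVED:
        raise BusinessRuleViolation(f"{order.order_id}: cannot ship from {order.state.value}")
    order.state = OrderState.SHIPPED
    return order.state


def demo() -> dict:
    """Runs the same abuse attempt against both versions and returns the
    outcomes so the contrast can be checked programmatically."""
    results = {}
    # Abuse: unpaid high-value order with a forged 'paid' flag (constructed input).
    o1 = Order("A-1", Decimal("5000.00"))
    results["vulnerable_shipped_unpaid"] = ship_order_vulnerable(o1, {"paid": True})

    o2 = Order("A-2", Decimal("5000.00"))
    try:
        ship_order(o2)
        results["hardened_shipped_unpaid"] = True
    except BusinessRuleViolation:
        results["hardened_shipped_unpaid"] = False

    # Legitimate path for a high-value order: pay -> review -> ship.
    results["high_value_after_payment"] = record_payment(o2, gateway_verified=True).value
    approve_review(o2, reviewer_id="fraud-team")
    results["high_value_after_review"] = ship_order(o2).value

    # Low-value order: paid, no review needed.
    o3 = Order("A-3", Decimal("49.99"))
    results["low_value_after_payment"] = record_payment(o3, gateway_verified=True).value
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the hardened version is that neither rule is a check bolted onto the shipping endpoint; the state machine simply has no path from CREATED to SHIPPED that skips verified payment, and no path around UNDER_REVIEW for amounts over the threshold.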
There are some things to keep in mind:
For all extra texts there must exist clear goals - why it exists, what (potential) confusion it eliminates, or what (potential) problem it solves.
@elarlang I believe the added text makes sense and is not too long. I agree that before the draft we will need to decide how much text we want there and ensure there is consistency.
I like @jmanico's first cut definition and examples. Examples for this are something very useful to reinforce the definition. This seems good to me.
I think Section 11: Business Logic could use a basic definition. I'll include a first iteration:

In the context of application security, business logic refers to how security controls protect business rules from being bypassed or abused.