Business Logic Issues: The unexplored dark areas with plethora of bugs
In today's world, the internet is a powerful resource, making it easier to identify and understand technical vulnerabilities. But what about business logic issues, whose impact on organizations can range from very low to critical? In this talk, we will discuss how we found business logic issues, the vulnerabilities that were identified, and our approach to hunting for these bugs. We will explore the importance of understanding the logic in place and how it can be abused to create an impact on the business. Get ready to dive into the world of business logic vulnerabilities and the potential risks they can pose to organizations.
Prateek works as a security engineer at PhonePe. As a part-time bug bounty hunter, Prateek loves finding business logic issues on bug bounty platforms. He also loves coding applications and works on automation and code reviews.
The talk will not only discuss the issues but also the patches implemented by developers and their bypasses.
The outline of the talk will be as follows:
- Understanding business logic issues
- Approaching applications
- Where to look and what to look for
- Examples of issues found
- Patches made by developers
- Bypass for the patches