Business logic is the way the application is supposed to handle its data and the flow of that data: the rules that decide which inputs are acceptable and what must happen next.

Here is an example with two applications that enforce opposite rules on the same kind of input.

The logic behind Application 1 is that the application expects the user to enter the ID of a living person.
The vulnerability is that the user enters the ID of a deceased person and the application accepts it.

The logic behind Application 2 is that the application expects the user to enter the ID of a deceased person.
The vulnerability is that the user enters the ID of a living person and the application accepts it.

In both cases the input is well-formed and refers to a real record, so every technical check (format, length, existence) passes. What breaks is the rule the application was built around, and because nothing looks malformed this kind of vulnerability is hard to spot with automated scanners alone.
So as a penetration tester you have to understand what the business logic is supposed to do, and besides the technical testing you should try to see whether there is any way the business logic of the application can be broken: submit input that is valid in form but contradicts the rule, and check whether the application accepts it.
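The following is an added example, not code from the original page. It models the two applications above in a single handler: the vulnerable version checks only that the ID is well-formed and exists, while the hardened version also enforces the business rule (required status). The person registry, the ID format and all names are constructed for illustration. A small probe function does what the paragraph above describes: it feeds in IDs whose status contradicts the rule and reports which ones the application accepted.

```python
import re

# Constructed in-memory registry standing in for the application's person records.
PEOPLE = {
    "P-1001": {"name": "Alice", "status": "living"},
    "P-1002": {"name": "Bob", "status": "deceased"},
    "P-1003": {"name": "Carol", "status": "living"},
    "P-1004": {"name": "Dave", "status": "deceased"},
}

# Hypothetical ID format used by this example application.
ID_FORMAT = re.compile(r"^P-\d{4}$")


def technical_checks(person_id):
    """Checks that a scanner or input validator would catch: format and existence.
    Returns a rejection dict, or None when the input passes these checks."""
    if not isinstance(person_id, str) or not ID_FORMAT.match(person_id):
        return {"ok": False, "reason": "malformed id"}
    if person_id not in PEOPLE:
        return {"ok": False, "reason": "unknown id"}
    return None


def vulnerable_handler(person_id, required_status):
    """Application 1 (required_status='living') or Application 2
    (required_status='deceased') as written: the required status is part of
    the business rule, but the handler never consults it, so any existing,
    well-formed ID is accepted."""
    rejection = technical_checks(person_id)
    if rejection:
        return rejection
    return {"ok": True, "name": PEOPLE[person_id]["name"]}


def hardened_handler(person_id, required_status):
    """Same handler with the business rule enforced on the server side."""
    rejection = technical_checks(person_id)
    if rejection:
        return rejection
    actual = PEOPLE[person_id]["status"]
    if actual != required_status:
        return {"ok": False, "reason": f"person is {actual}, expected {required_status}"}
    return {"ok": True, "name": PEOPLE[person_id]["name"]}


def probe_logic_flaw(handler, required_status):
    """Tester's probe: submit every ID whose real status contradicts the rule
    and return the IDs the application accepted anyway. An empty list means
    the business rule held; a non-empty list is the logic vulnerability."""
    accepted = []
    for person_id, record in sorted(PEOPLE.items()):
        if record["status"] == required_status:
            continue  # this input is legitimate; not a test of the rule
        if handler(person_id, required_status)["ok"]:
            accepted.append(person_id)
    return accepted


if __name__ == "__main__":
    for label, status in (("Application 1", "living"), ("Application 2", "deceased")):
        print(label, "vulnerable:", probe_logic_flaw(vulnerable_handler, status))
        print(label, "hardened:  ", probe_logic_flaw(hardened_handler, status))
```

Note that the probe never sends anything malformed; every ID it uses would pass a format-only validator, which is exactly why the flaw only shows up when the tester knows what the rule is meant to be.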
Now we will have a look at the main classes of business logic vulnerabilities and some example scenarios.