Personally, I think that this is the most important chapter in this book for all bug bounty hunters, and this is the type of vulnerability that marks the difference between a normal application security assessment, and the bug bounty hunting approach.
The application logic vulnerabilities are errors, difficult-to-find ones—that are generated by the logic applied during the development. Therefore, we need a lot of understanding about the following:
- How the application works
- How the application is managing each piece of information that's entered by the user
- How the application is interacting with other applications or services
- How the developers applied the technology used to construct the application
All of the preceding elements must be examined when trying to find errors in the implementation.
But, if all the development teams use a maturity model methodology to develop, why do these kinds of vulnerabilities exist? How is it possible that these flaws are not detected in the design phase? We'll, check this out in detail.