When you are looking at cross-site scripting (XSS), SQL injection (SQLi), session management errors, or any other vulnerability described in this book, you are, quite simply, looking for patterns. This means that when you are analyzing an open-redirect vulnerability, you are always looking for a 3xx HTTP error code. When you are looking for input validation errors, you always enter special characters to generate an error. But, talking about application logic vulnerabilities, these are not patterns. So, most of the different quality assurance (QA) methods used by developers fail.

Finding logic bugs and not just security bugs is not possible using static analysis or automated tools, and if the QA team is so involved in the application's design, maybe they are in the same paradigm, and they never detect the fails.