The Art of Exploiting Logical Flaws in Web Applications
Hack In The Box Security Conference via YouTube
Overview
Explore the intricacies of exploiting logical flaws in web applications through this conference talk from the Hack In The Box Security Conference. Logic vulnerabilities are often overlooked by automated scanning tools and pose unique challenges for developers and security researchers. Learn how to think outside the box and develop a philosophical approach to detecting and studying these flaws from scratch. The presentation is divided into two parts: classic logic flaws, and real-world examples discovered in bounty programs. Gain insights into parameter tampering, account takeover, 2FA bypass, and privilege escalation through hands-on experimental tests in labs. Discover clues and concepts for exploiting unknown logical vulnerabilities in real-world scenarios. Understand the fundamental difference between technical vulnerabilities and logic flaws, and how the latter relate to incorrect logic in the way a service operates. Join SaifAllah BenMassaoud, a Security Researcher at Intel, for this 1-hour and 10-minute session that will enhance your ability to identify and exploit logical flaws in web applications.
Syllabus
#HITBCyberWeek #CommSec D1 - The Art of Exploiting Logical Flaws in Web Applications
Taught by
Hack In The Box Security Conference