Knowledge Base - Issues

Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.

/ Ability to Forge Requests

Ability to Forge Requests is a vulnerability in Web and API applications that can allow attackers to send requests with forged data to the application. This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data) in the Common Weakness Enumeration (CWE) directory and is identified as a Business Logic vulnerability...
Circumvention of Work Flows, also known as CWE-20, is a type of Business Logic vulnerability which allows attackers to bypass established workflow procedures. This vulnerability can occur in both web-based and API-based applications. According to the Common Weakness Enumeration (CWE) directory, the vulnerability is defined as “the ability to bypass...
Defenses Against Application Misuse (CWE-745) is a vulnerability related to web and API applications. It occurs when the application does not provide adequate defenses against attackers who attempt to misuse the application by bypassing security controls and attempting to use the application in unintended ways. The Common Weakness Enumeration (CWE)...
Element is not being deleted after delete is a type of vulnerability categorized under Business Logic (CWE-434), which can potentially occur in Web and API applications. This vulnerability occurs when a web or API application fails to delete an element from its database even after the element has been deleted....
Improper Enforcement of a Single, Unique Action (CWE-285) is a vulnerability in business logic that occurs when a web or API application fails to properly enforce a single, unique action. This vulnerability can lead to an attacker bypassing authentication and authorization controls, as well as executing unintended operations. This type...

/ Integrity Checks

Integrity checks are a type of IT vulnerability in the category of Business Logic. This type of vulnerability occurs in web and API applications when the application does not properly authenticate and authorize users, or is not validating the source of data being sent to the application (CWE-287). This can...

/ Logic Data Validation

Logic Data Validation (CWE-20) is an IT vulnerability related to business logic. It occurs when external data is used to control the flow of a program, and the data is not properly checked for accuracy, consistency, and completeness. This vulnerability can be found in both Web applications and Application Programming...
Number of Times a Function Can Be Used Limits is an IT vulnerability of the category Business Logic. This vulnerability is identified in the Common Weakness Enumeration (CWE) directory as CWE-843. According to the Open Web Application Security Project (OWASP) Testing Guide, this vulnerability occurs in Web and API applications...

/ Process Timing

Process Timing is a Business Logic vulnerability which occurs in web and API applications and is classified in the CWE directory as CWE-770. This type of vulnerability occurs when the application does not properly manage the length of time that it takes to process a request, which can result in...