Detective Work for Testers: Finding Workflow-based Defects

[presentation]
by Rafal Los, Hewlett-Packard Application Security Center
Summary: 

Workflow-based Web application security defects are especially difficult for enterprises because they evade traditional, simple point-and-scan vulnerability detection techniques. Understanding these defects, and how and why black-box scanners typically miss them, is the key to creating a testing strategy for successful detection and mitigation. Rafal Los describes the critical role that application testers play in assessing application workflows and how business process-based testing techniques uncover these flaws. Rafal demystifies the two main types of workflow-based application vulnerabilities: business process/logic vulnerabilities and parameter-based vulnerabilities. As the complexity of Web applications continues to increase, learn how to adjust your testing strategy to make sure you don't miss these unique types of defects.
