ON DEMAND

Beyond the Pentest: Strategies to Safeguard Against Business Logic Vulnerabilities

Business logic vulnerabilities (BLVs) have long been considered elusive threats, typically uncovered only through pentesting due to their unique “business” nature within each application. But is this really the case? Not always. The key to automating security testing for BLVs lies in identifying where their emphasis lies. Is the BLV unique to the specific business context, or is the underlying logic agnostic to the business context? Spoiler: many BLVs actually belong to the latter group, and where there is logic, there is predictability, making many BLVs suitable for automated application security testing. In this webinar, we’ll explore the world of BLVs and why they should be a high priority for CISOs and AppSec teams rather than merely addressed during bi-annual pentests.

What we’ll cover:

  • What a BLV is, and how BLVs differ from other OWASP categories
  • Best practices for identifying and mitigating BLVs (with examples)
  • Strategies for integrating BLV detection into your security workflows in an automated manner


Speakers

Bar Hofesh

Co-founder & CTO

Co-founder of Bright Security, Bar serves as their CTO. A globally recognized security and technology expert, Bar has held numerous roles, including CISO, System Architect, Security Advisor, and DevSecOps Advisor at over ten companies. As a leader and researcher, he has contributed to multiple publications and projects in cybersecurity. Bar holds CISO and MCITP certifications.