Business Logic Vulnerability
A business logic vulnerability occurs when an application’s rules, workflows, or process assumptions can be manipulated without breaking technical controls. Attackers may abuse pricing logic, approval flows, referral systems, access workflows, payment journeys, or transaction rules. These vulnerabilities are highly contextual and often require human-led testing because they depend on understanding how the business process should work.
Normal Workflow Used → Business Rule Abused → Control Assumption Bypassed → Unintended Benefit Gained → Logic Rules Strengthened
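
The last step of that flow, strengthening the logic rules, shown for pricing logic as an added example that is not part of the original page. The catalogue, coupon table, quantity limit, one-coupon rule and all function names are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample data: server-side catalogue and coupon table (assumptions).
CATALOGUE = {"sku-1": Decimal("40.00"), "sku-2": Decimal("15.00")}
COUPONS = {"WELCOME10": Decimal("10.00")}


class RuleViolation(Exception):
    """Raised when a request breaks a stated business rule."""


def total_weak(items, coupons):
    """Every input is well-formed, but the business rules are only assumed."""
    total = sum(CATALOGUE[sku] * qty for sku, qty in items)  # qty may be negative
    for code in coupons:                                     # same code may repeat
        total -= COUPONS.get(code, Decimal("0"))
    return total                                             # may drop below zero


def total_hardened(items, coupons, redeemed):
    """Enforce server-side each rule the checkout workflow relies on.

    `redeemed` is a hypothetical per-account set of coupon codes already used.
    """
    total = Decimal("0")
    for sku, qty in items:
        if sku not in CATALOGUE:
            raise RuleViolation(f"unknown item {sku}")
        if not isinstance(qty, int) or not 1 <= qty <= 100:
            raise RuleViolation(f"quantity out of range for {sku}")
        total += CATALOGUE[sku] * qty
    if len(coupons) > 1:
        raise RuleViolation("one coupon per order")
    for code in coupons:
        if code not in COUPONS:
            raise RuleViolation(f"unknown coupon {code}")
        if code in redeemed:
            raise RuleViolation(f"coupon {code} already redeemed")
        total = max(total - COUPONS[code], Decimal("0"))  # never pay the customer
        redeemed.add(code)
    return total
```

Each `RuleViolation` is also a detection signal: logging them per account surfaces attempts to abuse the workflow.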
