Methodology

If you prefer to read the entire Understanding Business Logic Assessments section in PDF format, you can view or print it here.

General Methodology Overview

Our proprietary BLA methodology employs a variety of internal policies and procedures, using a combination of browser add-ons, industry-standard HTTP proxy tools, and custom tools developed in-house. To provide consistency, a custom-built "Hacklog" tool is used for all BLAs. This tool contains a custom checklist and a user-created map of site functionality to ensure testing coverage and to document all BLA tests performed.

Production Safety

BLAs are performed with production safety as a top priority. The BLA protocol is designed to avoid any actions that could result in denial of service (DoS) or otherwise have a negative impact on the application. Special care is taken when testing administrative functionality that could impact other users.

Business Logic Assessment Services

Business Logic Assessments are included as an annual service in our WhiteHat Dynamic PE services; additional Business Logic Assessments for PE and SE assets can be purchased as add-ons.

Next, learn more about the vulnerability testing that Threat Research Center engineers perform as part of a BLA.