Methodology

Our proprietary BLA methodology employs a variety of internal policies and procedures using a combination of browser add-ons, industry standard HTTP proxy tools, and custom tools developed in-house. To provide consistency, a custom-built "Hacklog" tool is used for all BLAs. This tool contains a custom checklist and user-created map of site functionality to ensure testing coverage and provide documentation of all BLA tests performed.

BLAs are performed with production safety as a top priority. The BLA protocol is designed to avoid any actions that could result in denial of service (DoS) or that could potentially have a negative impact on the application. Special care is taken when testing administrative functionality that could potentially impact other users.

Business Logic Assessments are included as an annual service in our WhiteHat Dynamic PE services; additional Business Logic Assessments for PE and SE assets can be purchased as add-ons.

Next, learn more about the vulnerability testing that Threat Research Center engineers perform as part of a BLA.