{"skill":{"slug":"bookforge-application-logic-flaw-testing","displayName":"Application Logic Flaw Testing","summary":"Test web application business logic for vulnerabilities that automated scanners cannot detect. Use this skill when: performing a penetration test or security...","tags":{"appsec":"1.0.0","bookforge":"1.0.0","business-logic":"1.0.0","cwe-362":"1.0.0","cwe-840":"1.0.0","cwe-841":"1.0.0","debug-disclosure":"1.0.0","defense-interaction":"1.0.0","discount-timing":"1.0.0","encryption-oracle":"1.0.0","forced-browsing":"1.0.0","latest":"1.0.0","logic-flaws":"1.0.0","negative-numbers":"1.0.0","owasp":"1.0.0","parameter-removal":"1.0.0","penetration-testing":"1.0.0","race-condition":"1.0.0","search-oracle":"1.0.0","session-poisoning":"1.0.0"},"stats":{"comments":0,"downloads":44,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777294167022,"updatedAt":1777294615507},"latestVersion":{"version":"1.0.0","createdAt":1777294167022,"changelog":"Initial release – introduces a structured skill for manual testing of business logic vulnerabilities in web applications.\n\n- Provides a detailed methodology for identifying business logic flaws that automated scanners cannot detect.\n- Documents 12 reusable attack patterns for logic flaw discovery, mapped to OWASP and CWE standards.\n- Outlines a workflow for mapping application assumptions, multistage workflows, and shared components.\n- Designed for intermediate-to-advanced penetration testers, appsec engineers, and bug bounty researchers.\n- Outputs structured findings and remediation recommendations, focusing on violated assumptions and business impact.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"quochungto","userId":"s176b6gfk8djgcz320d83ta4e184bx1v","displayName":"Hung Quoc To","image":"https://avatars.githubusercontent.com/u/88069966?v=4"},"moderation":null}