Synopsys
WhiteHat Business Logic Assessment Methodology
Pages: 3
Time to read: 6 mins
Publication:
Language: English
This document is a technical report detailing the WhiteHat Business Logic Assessment (BLA) methodology, which is used to evaluate web application security vulnerabilities that automated scanning does not test effectively. The BLA process is designed to complement automated testing services by focusing on business logic vulnerabilities, a class of flaws that hackers frequently exploit. The report defines the scope of an assessment as manual testing of web applications that communicate over HTTP and TCP. It describes the general methodology, emphasizing alignment with established standards such as the OWASP Top 10 and WASC 2.0. The document then details the individual testing phases: content discovery, application analysis, configuration testing, authentication testing, authorization testing, session management testing, identity management testing, input handling, and application logic testing. Each phase consists of specific steps intended to identify vulnerabilities and ensure a thorough evaluation. The qualifications of BLA engineers and the reporting of findings are also covered, underscoring the role of manual assessment in uncovering complex vulnerabilities.