Reviewer in Business Logic

reviewer

Uploaded by

cerenoarnel3

REVIEWER IN BUSINESS LOGIC

1. Nature of Business Logic Vulnerabilities

Business logic vulnerabilities, also known as application logic flaws, are security
weaknesses in the design and implementation of an application's business logic. They
arise when developers fail to anticipate all possible scenarios or edge cases, leading
to unintended behavior that attackers can exploit.

They occur when the design and development teams make flawed assumptions about how
users will interact with the application. These bad assumptions can lead to inadequate
validation of user input.

Here's how they arise:

1. Misinterpretation of Requirements: Developers may not fully understand the business
needs, leading to app logic errors.

2. Complex Interactions: Modern systems often involve many parts (databases, APIs,
services). If developers don't account for all possible interactions, they might miss a flaw.

3. Unanticipated Usage: Developers may not consider unusual ways users could interact
with the app, causing vulnerabilities.

Examples:

Insufficient input validation: Failing to properly validate user input can allow attackers to
inject malicious code or special characters, bypassing security measures and manipulating
the application's logic.

Flaws in business workflows: Vulnerabilities in the way an application's business logic is
designed and implemented can occur when the application doesn't correctly handle all
possible scenarios or when the sequence of steps can be manipulated unexpectedly.

Inadequate session management: Improper session management can leave applications
open to attacks like session hijacking and session fixation, allowing attackers to
impersonate users and perform actions on their behalf.

Price Manipulation: Users can easily change prices by altering website code or URLs. This
causes financial losses, inventory discrepancies, and unfair advantages. Our system should
validate prices to prevent this exploit.

Putting excessive trust in users: Trusting users too much allows them to input invalid
data. This enables users to crash the system, hack our database, or enter false information.

Login Problems: Weak login security lets hackers steal usernames, passwords, and
sensitive information. They can access confidential data, compromising our business.

2. IMPACTS OF BUSINESS LOGIC VULNERABILITIES

-The impact of business logic vulnerabilities can, at times, be trivial. It is a broad category,
and the impact is highly variable.

-Any unintended behavior can potentially lead to high-severity attacks if an attacker is able
to manipulate the application in the right way. Quirky logic should ideally be fixed even if you
can't work out how to exploit it yourself. There is always a risk that someone else will be able
to.

-The impact of any logic flaw depends on what functionality it is related to. If the flaw is in the
authentication mechanism, for example, this could have a serious impact on your overall
security. Attackers could potentially exploit this for privilege escalation, or to bypass
authentication entirely, gaining access to sensitive data and functionality. This also exposes
an increased attack surface for other exploits.

-Flawed logic in financial transactions can obviously lead to massive losses for the business
through stolen funds, fraud, and so on.

-You should also note that even though logic flaws may not allow an attacker to benefit
directly, they could still allow a malicious party to damage the business in some way.

SUMMARY

1. Variable Risk: Business logic vulnerabilities can lead to unintended behaviors, and their
impact varies widely depending on the associated functionality.

2. Authentication Flaws: Issues in authentication mechanisms can allow attackers to
bypass security measures, leading to unauthorized access and increased risk of privilege
escalation.

3. Financial Risks: Logic flaws in financial transactions can result in significant monetary
losses due to theft and fraud.

4. Indirect Consequences: Even if a logic flaw doesn't provide direct benefit to an attacker, it
can still be exploited to cause harm to the business, underscoring the need for prompt
remediation.

EXAMPLES OF BUSINESS LOGIC VULNERABILITIES

1. Excessive trust in client-side controls

-It is dangerous to assume that users will only interact with an application through its web
interface and that client-side validation is sufficient to prevent malicious input. This
assumption is flawed because attackers can manipulate data after it is sent from the browser
using tools like Burp Proxy, bypassing client-side controls. The absence of proper server-side
validation and integrity checks allows attackers to exploit the system, potentially causing
significant damage to both business operations and website security. The impact of such flaws
depends on how the application handles and processes user input.

2. Making flawed assumptions about user behavior

-This leads to a wide range of issues where developers have not considered potentially
dangerous scenarios that violate these assumptions.

-Trusted users won't always remain trustworthy: Some applications may seem secure due
to strong initial business rules and security measures. However, assuming that users and
their data can be trusted indefinitely after passing these controls can lead to inconsistent
enforcement of security measures later on. This inconsistency can create vulnerabilities that
attackers may exploit.

-Users won't always follow the intended sequence: Many transactions follow predefined
workflows, with the web interface guiding users through each step. However, attackers may
not follow this sequence, and failing to account for this possibility can create security flaws
that are easy to exploit.
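
One way to enforce the intended sequence on the server, shown as an added example that is not part of the original reviewer. The step names, the `CheckoutSession` class and the cart layout are assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical checkout steps; each maps to the step that must come directly before it.
REQUIRES = {
    "cart_reviewed": None,
    "shipping_set": "cart_reviewed",
    "payment_authorized": "shipping_set",
    "order_placed": "payment_authorized",
}


class WorkflowError(Exception):
    pass


def cart_digest(cart):
    """Stable digest of the cart contents, used to bind later steps to it."""
    blob = json.dumps(cart, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


class CheckoutSession:
    """Server-side record of how far one order has progressed."""

    def __init__(self, cart):
        self.cart = dict(cart)   # sku -> quantity
        self.done = []           # steps completed, in order
        self.paid_for = None     # digest of the cart that payment covered

    def advance(self, step):
        if step not in REQUIRES:
            raise WorkflowError(f"unknown step: {step}")
        if step in self.done:
            raise WorkflowError(f"step already completed: {step}")
        needed = REQUIRES[step]
        last = self.done[-1] if self.done else None
        if needed != last:
            raise WorkflowError(f"{step} requires {needed}, last step was {last}")
        if step == "payment_authorized":
            self.paid_for = cart_digest(self.cart)
        # Defence in depth: the order must be for exactly the cart that was paid for.
        if step == "order_placed" and self.paid_for != cart_digest(self.cart):
            raise WorkflowError("cart changed after payment was authorized")
        self.done.append(step)

    def change_cart(self, sku, qty):
        # Any change to the cart sends the workflow back to the start.
        if qty > 0:
            self.cart[sku] = qty
        else:
            self.cart.pop(sku, None)
        self.done.clear()
        self.paid_for = None


def attempt(session, step):
    """Return 'ok' or the refusal reason, as a request handler would log it."""
    try:
        session.advance(step)
        return "ok"
    except WorkflowError as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    s = CheckoutSession({"laptop": 1})     # constructed sample cart
    print(attempt(s, "order_placed"))      # skipped steps are refused
    for name in REQUIRES:
        print(name, attempt(s, name))      # the intended order succeeds
```

The progress record lives on the server, so a request that arrives for a later step cannot succeed just because the client says earlier steps happened.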

3. Email address parse discrepancies

-Attackers can exploit these discrepancies by using encoding techniques to disguise parts
of the email address. This allows them to bypass initial validation checks, while the server
interprets the email address differently. The main risk is unauthorized access, as attackers
can create seemingly valid email addresses from restricted domains, granting them access
to sensitive areas of the application, such as admin panels or restricted user functions.
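
A defensive check for the discrepancy described above, added here as an example and not taken from the original reviewer. It assumes a hypothetical allow-list `ALLOWED_DOMAINS` and a policy that is deliberately narrower than the full e-mail address grammar, so that validation and every later component see the same plain string.

```python
import re

# Hypothetical policy: only these domains may self-register for staff access.
ALLOWED_DOMAINS = {"corp.example"}

# Deliberately narrower than RFC 5322: plain ASCII local part, exactly one "@",
# letter-digit-hyphen domain labels. Quoted strings, comments, encoded words,
# control characters and non-ASCII text are all outside this grammar.
ADDRESS_RE = re.compile(
    r"\A([A-Za-z0-9]+(?:[._+-][A-Za-z0-9]+)*)"
    r"@((?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63})\Z"
)


def canonical_address(raw):
    """Return the single form of the address that is stored and mailed to."""
    if not isinstance(raw, str) or len(raw) > 254:
        raise ValueError("address missing or too long")
    match = ADDRESS_RE.match(raw)
    if match is None:
        raise ValueError("address is not in the accepted plain form")
    local, domain = match.group(1), match.group(2).lower()
    return f"{local}@{domain}"


def classify(raw):
    """Decide access from the canonical form only, never from the raw input."""
    try:
        address = canonical_address(raw)
    except ValueError:
        return ("rejected", None)
    domain = address.rsplit("@", 1)[1]
    verdict = "allowed" if domain in ALLOWED_DOMAINS else "other-domain"
    return (verdict, address)


# Constructed inputs: two plain addresses, then forms that different parsers
# are known to read differently (quoted part, comment, encoded-word marker,
# second "@", trailing newline).
SAMPLES = [
    "Alice@CORP.Example",
    "bob@mail.example",
    '"alice@corp.example"@mail.example',
    "alice(note)@corp.example",
    "=?x?q?abc?=@corp.example",
    "alice@corp.example@mail.example",
    "alice@corp.example\n",
]


def run_samples():
    return [classify(s)[0] for s in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(f"{sample!r:45} {verdict}")
```

The value returned by `canonical_address` is the one to store and pass to the mailer; keeping the raw input around for later use would reintroduce a second interpretation.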

4. Domain-specific flaws

-To identify these vulnerabilities, it's important to understand the algorithms and logic
behind price adjustments and how they relate to user actions. Attackers may exploit the
system by making adjustments that don't reflect the original criteria. Domain-specific
knowledge is crucial for recognizing potential flaws and understanding the impact of certain
actions.

Example: Consider an online shop that offers a 10% discount on orders over $1000. This
could be vulnerable to abuse if the business logic fails to check whether the order was
changed after the discount is applied. In this case, an attacker could simply add items to
their cart until they hit the $1000 threshold, then remove the items they don't want before
placing the order. They would then receive the discount on their order even though it no
longer satisfies the intended criteria.
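
The discount flaw above, and the client-side trust issue from item 1, as an added example that is not part of the original reviewer. The catalogue, the `Cart` class and the function names are constructed for illustration; the flawed flow is shown beside a version that recomputes everything from server state when the order is placed.

```python
from decimal import Decimal

# Constructed catalogue: the server's own source of truth for prices.
CATALOGUE = {
    "laptop": Decimal("900.00"),
    "monitor": Decimal("150.00"),
    "cable": Decimal("10.00"),
}
DISCOUNT_THRESHOLD = Decimal("1000.00")
DISCOUNT_RATE = Decimal("0.10")


class Cart:
    def __init__(self):
        self.items = {}              # sku -> quantity
        self.discount_flag = False   # used only by the flawed flow

    def add(self, sku, qty=1):
        if sku not in CATALOGUE:
            raise ValueError(f"unknown sku: {sku}")
        if not isinstance(qty, int) or qty < 1:
            raise ValueError("quantity must be a positive integer")
        self.items[sku] = self.items.get(sku, 0) + qty

    def remove(self, sku):
        self.items.pop(sku, None)

    def subtotal(self):
        # Prices always come from the catalogue, never from the request.
        return sum((CATALOGUE[s] * q for s, q in self.items.items()), Decimal("0"))


def flawed_add(cart, sku, qty=1):
    """Flawed: eligibility is decided when items are added and never revisited."""
    cart.add(sku, qty)
    if cart.subtotal() > DISCOUNT_THRESHOLD:
        cart.discount_flag = True


def flawed_total(cart):
    total = cart.subtotal()
    if cart.discount_flag:           # stale decision survives item removal
        total -= total * DISCOUNT_RATE
    return total.quantize(Decimal("0.01"))


def checked_total(cart, client_total=None):
    """Hardened: recompute price and eligibility at order placement."""
    total = cart.subtotal()
    if total > DISCOUNT_THRESHOLD:
        total -= total * DISCOUNT_RATE
    total = total.quantize(Decimal("0.01"))
    # A total sent by the browser is only ever compared, never used.
    if client_total is not None and Decimal(str(client_total)) != total:
        raise ValueError("client total does not match server calculation")
    return total


def demo():
    cart = Cart()
    flawed_add(cart, "laptop")
    flawed_add(cart, "monitor")      # subtotal 1050.00, discount flag set
    cart.remove("monitor")           # subtotal back to 900.00
    return flawed_total(cart), checked_total(cart)


if __name__ == "__main__":
    flawed, checked = demo()
    print("flawed flow charges ", flawed)
    print("checked flow charges", checked)
```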

3. The keys to preventing business logic vulnerabilities are to:

-Make sure developers and testers understand the domain that the application serves

-Avoid making implicit assumptions about user behavior or the behavior of other parts of the
application

-You should identify what assumptions you have made about the server-side state and
implement the necessary logic to verify that these assumptions are met. This includes
making sure that the value of any input is sensible before proceeding.

-It is also important to make sure that both developers and testers are able to fully
understand these assumptions and how the application is supposed to react in different
scenarios. This can help the team to spot logic flaws as early as possible. To facilitate this,
the development team should adhere to the following best practices wherever possible:

-Maintain clear design documents and data flows for all transactions and workflows, noting
any assumptions that are made at each stage.

Code and implementation of

Maintain code clarity -Protection

Design a system that reduces risk

Review the code

Automate the security processes

4. MULTIFACETED APPROACH

- Refers to a strategy or method that integrates multiple dimensions, perspectives, or tools to
address a problem, optimize processes, or achieve goals. It emphasizes using diverse
techniques, resources, or frameworks to ensure comprehensive and effective solutions.
This includes:

UNDERSTANDING CUSTOMER NEEDS

We need to always understand our customers to succeed. This means constantly learning
about them, not just doing one quick study. We'll use surveys and interviews to find out what
they want and need, now and in the future. Knowing what motivates them and what
challenges they face helps us create products that are unique and valuable.

SEGMENTATION AND TARGETING

The vast and diverse market requires businesses to segment their audience based on
various factors, such as age, gender, interests, and location. This segmentation allows for
targeted marketing efforts, tailoring messages and offerings to specific groups. By focusing
on the most relevant segments, companies can optimize their resources and enhance their
chances of success.

BUILDING STRONG BRANDS

Building a powerful brand isn't just about logos; it's about forging deep connections with
customers. Imagine a consistent brand experience, from website to social media that
resonates with your audience's values. That's how we build trust and lasting loyalty. Every
customer interaction is a chance to reinforce our brand promise, creating a community
around shared values and unforgettable experiences.

EFFECTIVE COMMUNICATION

Effective marketing hinges on clear and compelling communication. Through various
channels like advertising, social media, and content creation, businesses convey their value
proposition to their audience. Engaging content that resonates with consumers' aspirations
and challenges can capture attention and generate interest, paving the way for potential
conversion.

INNOVATION AND ADAPTATION

The business world is constantly changing, so we need to be flexible and embrace new ideas.
We'll use the latest tools, from social media to data analysis and automation, to keep up with
the times. Always be watching for new trends and how people are changing their habits, and
adjust our plans to take advantage of new opportunities.

CUSTOMER RELATIONSHIP MANAGEMENT

Post-purchase engagement is a critical component of marketing. Nurturing ongoing
relationships with customers fosters loyalty and encourages repeat business. Tools like
email marketing and loyalty programs allow businesses to stay connected with their
audience, offering exclusive deals, personalized recommendations, and exceptional
customer service.

MEASURING SUCCESS

Progress is always being checked to see how things are going and to find ways to improve.
Important things like website visits, sales, how much it costs to get new customers, and how
much money is made back are tracked. This helps to see what's working well and what needs
to be fixed. This information is used to make plans better and reach goals.

5. Challenges in the Internal Environment

THE INTERNAL ENVIRONMENT

Organizations must understand both the global and internal environments, particularly the
local milieu where they operate. The internal environment comprises interrelated factors like
government, culture, stakeholders, competitors, suppliers, customers, and the community.
Recognizing these variables is crucial for organizational success.

GOVERNMENT: THE BUSINESS CARETAKER

The government is the sole legitimate institution tasked with overseeing organizational
operations in the country. In implementing these administrative functions and
responsibilities, the government undertakes the following:

Provides Essential Infrastructure:

Physical (roads, bridges, electricity and water)

Technological and communications

Economic

Social

Political

Promotes Fair Competition:

Ensures a competitive market, regulates monopolies, and prevents unfair practices.

Regulates Business Practices:

Develops policies for taxes, safety standards, product quality, employee wages, and ethical
business conduct.

6. Culture

DIFFERENCES IN PERSPECTIVE

In an organization or country, there may be various groups with their own cultures, beliefs,
and traditions. These differences can lead to misunderstandings or tension.

CHANGING TIME

As society evolves, so does culture. Sometimes, traditional practices no longer align with
modern ways of living or operations, leading to conflicts between old and new ideas.

ADJUSTMENT OF PEOPLE

Citizens may find it difficult to adjust when the culture of a country does not align with their
own beliefs or behaviours.

IMPLEMENTATION OF NEW PRACTICES

When new cultures or systems are introduced, there can be resistance because not
everyone is open to change.

HERE ARE SOME ASPECTS OF FILIPINO CULTURE

THE TRAIT OF HOSPITALITY

Filipinos are generally warm people. They are cordial, friendly, and accommodating. Their
doors are open to relatives and friends, most especially during town celebrations called
"fiestas."

THE PRACTICE OF BAYANIHAN

Filipinos, most especially those in the provinces, are generally helpful. This practice creates
an atmosphere of unity and concern among the town people.

THE VIRTUE OF RESILIENCY

The Filipinos are a flexible people. Despite the difficulties in their personal and social lives,
they can easily adjust and bounce back. They are born survivors.

7. Challenges that the stakeholders are facing

Decision-Making Complexity: This is one of the most significant challenges for every
stakeholder. Decisions are no longer straightforward or one-dimensional. Modern
decisions often involve multiple interconnected factors, diverse stakeholder interests, and
uncertainties that make the process difficult to navigate.

Diverse Expectations: One of the biggest challenges is managing the expectations of
stakeholders. Different stakeholder groups often have conflicting priorities, which can lead
to tension and conflict.

Economic Pressures: Rising inflation, supply chain disruptions, and fluctuating currencies
put stakeholders under immense financial strain. It's a tough balancing act to maintain
profitability while staying competitive, especially when economic uncertainties impact not
just businesses but also the communities they serve. The ripple effects are felt everywhere.

Communication Barriers: Misunderstandings, lack of clarity, and misinformation can derail
even the best-laid plans. When stakeholders don't communicate effectively, it's like trying to
navigate in the dark. Transparent and frequent communication is crucial to keeping everyone
aligned and informed.

Lack of Commitment: When stakeholders fail to take ownership or follow through on their
responsibilities, projects lose momentum. It's a major roadblock to achieving goals. It often
leads to frustration and distrust among stakeholders, which makes resolving other
challenges even harder.

Resistance to Change:

-Stakeholders often resist changes introduced by businesses, especially those that threaten
their interests or perceived benefits. Many stakeholders hesitate to embrace new
technologies or processes, even when they know it's necessary. Fear of the unknown can be
a powerful deterrent.

Financial risk has become a significant challenge to stakeholders because it directly
impacts the stability and profitability of organizations. Factors such as market volatility,
fluctuating interest rates, inflation, and unexpected economic downturns can lead to
financial losses. For investors, this means reduced returns or potential loss of capital, while
businesses may face difficulties in maintaining cash flow or meeting financial obligations.
Additionally, financial risk can erode stakeholder confidence, making it harder to attract
investment, retain customers, or secure loans. As financial markets become more
interconnected, managing this risk has become increasingly critical for stakeholders.

Priorities Conflict:

-Stakeholders may have different priorities and interests that can conflict with each other.
This can lead to disagreements, delays, and even project failures.

8. CHALLENGES IN THE INTERNAL ENVIRONMENT

Competitors: The Business Threats

Competition is an economic scenario where nations, communities, organizations, companies,
and individuals offer and sell their products and services. Competitors continuously strive to
outplay and outsmart each other, hoping to get a larger share of the target market.

Types of Competitors:

Same Products - Companies selling exactly the same products or offering the same services.
They are direct competitors. Example: Unilever and Procter & Gamble are in the same line of
business and sell the same products.

Similar Products - Companies selling similar products.

Example: Tea and coffee are similar products.

Substitute Products - Companies selling substitute products. Example: Fast-food centers
compete with marketplaces by providing cooked food and convenience instead of raw
ingredients like meat, fish, and vegetables.

Different Products - Companies selling different products but targeting the same market
segments.

Competitor Strategies:

Complementary Competition - Companies that appear to compete with themselves to
capture a larger market.

Example: A real estate company selling low-cost housing to classes C and D and
average-cost housing to middle-income class families.

Collaborative Competition - Companies with strategic and cooperative relationships.

Example: Oil companies that engage in "friendly" competition.

Corrupted Competition - Companies producing "fake" products that transgress intellectual
property rights through plagiarism, duplication, and false branding. These products are sold
at low prices.

Ways to Identify Competitors:

Determining Similarities - Analyzing products and services, applied technologies, and
strategies, including marketing, financial, and managerial aspects.

Studying Consumers - Observing demographic variables such as sex, civil status, age,
educational attainment, monthly income, employment, and psychographic variables like
needs, wants, attitudes, perceptions, purchase patterns, and buying behavior.

Researching Company Data - Gathering data on capitalization, number of customers,
distribution outlets, employees, financial strength, years in operation, and growth.

Considering Corporate Success - Studying sales volume, market leadership, and goodwill.

9. SUPPLIERS

Suppliers are entities (companies, organizations, or individuals) that provide goods,
services, or materials to a business. They play a vital role in the production process and
overall operations by ensuring the availability of required inputs.

ROLES OF SUPPLIERS:

• Providing Raw Materials

• Delivering Finished Products

• Offering Services

TYPES OF SUPPLIERS:

• Manufacturers: Produce and sell raw materials (e.g., textile mills).

• Wholesalers: Act as intermediaries, supplying large quantities to retailers.

• Service Providers: Offer non-tangible goods like delivery services.

KEY FACTORS IN SUPPLIER SELECTION:

• Reliability • Cost • Quality • Flexibility • Location

HERE ARE SOME CHALLENGES THAT CAN ARISE IN A COMPANY'S INTERNAL ENVIRONMENT
WITH SUPPLIERS:

• Inconsistent Quality

• Late Deliveries

• Cost Fluctuations

• Communication Problems

• Dependency on a Single Supplier

10. EXAMPLES OF BUSINESS CONTRIBUTIONS TO THE COMMUNITY

Supporting Local Agriculture

- Businesses help farmers grow better crops and earn more.

Helping the Environment


- Businesses reduce their environmental impact through actions like recycling and
energy-saving.

Supporting Education

-Businesses invest in education to help children and build a stronger future workforce.

Volunteering and Community Service

-Businesses encourage employees to volunteer, improving the community.

Disaster Relief and Support

-Businesses help during emergencies by providing aid to those in need.

IMPORTANCE OF COMMUNITY

• Sense of belonging

•Support

• Identity

•Opportunities to contribute

• Health

Community is the foundation of growth, where shared respect, teamwork, and dedication
transform individual potential into collective greatness.

HOW TO BUILD A STRONG COMMUNITY

1. Encourage Engagement

2. Share Relevant Content

3. Host Virtual Meetups

4. Acknowledge contributions

5. Empower Members

6. Promote inclusivity

7. Encourage Volunteering

8. Build Relationships

9. Collaborate with neighboring communities

CHALLENGES FACED BY COMMUNITY

1. Diverse Needs

2. Poor infrastructure

3. Managing Expectations and dependency

4. Lack of Funding

5. Lack of Trust

6. Access to basic needs.

7. Other challenges

11. Factors of the Competitive Environment

Introduction of Porter's Five Forces

Factors of the competitive environment

In 1979, Harvard Business School professor Michael E. Porter created a tool that allows
companies to analyse the competitive environment of a business, which we call Porter's Five
Forces analysis. According to this method, there are five main factors of the competitive
environment:

1. Threat of new entrants

2. Power of suppliers

3. Power of buyers

4. Threat of substitute products

5. Rivalry among existing competitors

Porter's Five Forces

1. Threat of new entrants: how easy it is to enter the market


2. Power of suppliers: how easily suppliers can charge higher prices

3. Power of buyers: the ability of buyers to negotiate lower prices

4. Threat of substitute products: availability of alternative products

5. Rivalry among existing competitors: the intensity of competition

12. THE INTERNAL COMPETITIVE FACTORS

PRODUCT AND SERVICE QUALITY

Companies that offer better products and services are more competitive.

INNOVATION

Businesses that invest in research and development are more likely to introduce innovative
products.

PRODUCTIVITY

Companies that can produce more at a lower cost have a better chance of increasing their
market share.

EMPLOYEES

People are the core of all factors that give businesses a competitive advantage.

INTERNAL SYSTEM

A company's systems and procedures that help it function properly and produce products
or services efficiently.

SKILL SETS

A collection of abilities, knowledge, and competencies that can be used to perform specific
tasks or functions.

CLIENT AND PROSPECT INTERACTIONS

How a company presents itself to clients and prospects can impact brand loyalty.

COST CONTROL

A business process that involves identifying and reducing expenses to increase profits.

13. Market research - Market research doesn't just uncover market trends or segments. It
also tells you which direct and indirect competitors operate in those segments. We use
social media, business profiles on directories, and online surveys to discover our
competitors.

Customer surveys and feedback - We need to listen to what our clients are saying about
other businesses in our industry. This can help us identify competitors we may not have
been aware of.

Social Media - This helps us find out which products our target audience recommends on
social platforms for us to solve. Facebook, Twitter and Instagram are good places to
start.

Industry events and conferences - This method might be the most casual: a great way
to see your competitors in action. And the best part? All you have to do is attend an event or
conference in your industry. Your direct and indirect competitors will be there with the goods
or services they offer.

14. What are Direct Competitors?

Direct competitors are businesses that sell very similar products or services to the same
group of people. They often operate in the same industry or geographic location and are
basically trying to meet the same needs or solve the same problems for their customers.

Why does understanding direct competitors matter?

-It helps businesses identify areas for improvement and growth. When businesses keep an
eye on their competitors, they can spot trends early, learn from mistakes, and avoid the
same pitfalls.

-It helps businesses figure out how to stand out in a crowded market.

How do businesses handle direct competitors?

Strategies

-Differentiation -Pricing -Marketing

15. WHAT ARE INDIRECT COMPETITORS?

Indirect competitors are businesses that offer different products or services but target the
same customer base as another business.

DIRECT VS. INDIRECT COMPETITORS

The key differences between direct and indirect competition lie in their competition and
market dynamics. Direct competitors vie for the same purchase decisions, often resulting in
head-to-head battles for customer loyalty and market share. Indirect competitors, on the
other hand, capture customers through different means or preferences, with the customer
decision process often hinging on varying needs, contexts, or complementary benefits.

INDIRECT COMPETITORS

EXAMPLES OF INDIRECT COMPETITORS

Blockbuster vs Netflix

Phone vs Laptop

Motor vs Bicycle

HOW TO MANAGE INDIRECT COMPETITORS

ESTABLISH YOUR INDIRECT COMPETITOR

ANALYZE YOUR INDIRECT COMPETITORS

BE PERSUASIVE WITH YOUR CUSTOMER

INTEGRATE YOUR INDIRECT COMPETITORS' IDEA

APPLY A LOGIC TO YOUR CUSTOMER'S CONCERN

16. INTRODUCTION

What is microenvironment?

The microenvironment relates to the immediate periphery of an organization and directly
influences the organization on a regular basis. Hence, it is also known as the task
environment.

It is important for an organization to monitor and analyse all the elements of its
microenvironment, like customers, competitors, etc.

ELEMENTS OF MICROENVIRONMENT

Let's take a quick look at all elements of a microenvironment:

Customers

Organization

Market

Intermediaries

Competitors

Suppliers

CUSTOMERS AND CONSUMERS

Customers are people who buy an organization's products/services. In simple words, an
organization cannot survive without customers. A consumer, on the other hand, is the
ultimate user of the product/service.

For example, a husband might purchase a product for his wife. In this case, the husband is
the customer and the wife is the consumer.

A successful business keeps a close watch on both customers and consumers of its
products/services. It must monitor and track any changes in tastes and preferences of the
consumer along with changes in the buying habits of the customer.

One of the most important aspects of the microenvironment of an organization is the
self-analysis of the organization itself. It must understand its own strengths and weaknesses,
objectives and goals of the business, and resource availability. The following non-specific
elements of an organization can affect its performance:

Owners

People who have a major shareholding in the organization or have vested interests in the
well-being of the company.

Board of Directors

The board of directors is elected by the shareholders for overseeing the general management
of the business and ensuring that the shareholders' interests are met.

Employees

People who work in the organization are major contributors to its success. It is important
that all employees embrace the organization's goals and objectives.
