Configuration: Business Logic Vulnerability

Identifier: business_logic_agent

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Business logic vulnerabilities let attackers abuse an application's intended workflows, bypassing constraints such as step ordering, pricing, or authorization even when no classic injection flaw is present.

How we test: Our AI pentest agents reason about the application's business flows and probe them for abuse, replaying and mutating multi-step sequences to detect when intended constraints can be bypassed.
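
The three constraints named above (step ordering, pricing, authorization), enforced server-side in a constructed checkout workflow. This is an added example, not part of the scanner or its original documentation; the catalogue, step names, and the Order, WorkflowError and is_rejected names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed catalogue and step order; all names here are hypothetical.
PRICES_CENTS = {"sku-basic": 1500, "sku-pro": 4900}
NEXT_STEP = {"cart": "address", "address": "payment", "payment": "confirmed"}

class WorkflowError(Exception):
    """Raised when a request would bypass an intended constraint."""

@dataclass
class Order:
    owner: str
    items: dict = field(default_factory=dict)  # sku -> quantity
    step: str = "cart"

    def _authorize(self, user):
        if user != self.owner:
            raise WorkflowError("not the order owner")

    def add_item(self, user, sku, qty, client_price_cents=None):
        self._authorize(user)
        if self.step != "cart":
            raise WorkflowError("cart is locked once checkout starts")
        if sku not in PRICES_CENTS or type(qty) is not int or qty < 1:
            raise WorkflowError("unknown sku or invalid quantity")
        # client_price_cents is deliberately ignored: price is server-owned.
        self.items[sku] = self.items.get(sku, 0) + qty

    def advance(self, user, target):
        self._authorize(user)
        # Only the single next step is reachable; skipping or rewinding fails.
        if NEXT_STEP.get(self.step) != target or not self.items:
            raise WorkflowError(f"cannot go from {self.step} to {target}")
        self.step = target

    def total_cents(self):
        # Recomputed from the server-side catalogue on every call.
        return sum(PRICES_CENTS[s] * q for s, q in self.items.items())

def is_rejected(action, *args, **kwargs):
    """Return True when the workflow refuses the call."""
    try:
        action(*args, **kwargs)
    except WorkflowError:
        return True
    return False
```

Each rejected call corresponds to one mutation of the intended sequence: a skipped step, a rewind, a foreign user, a negative quantity, or a client-supplied price.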

Configuration

Example

Example configuration:

---
security_tests:
  business_logic_agent:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.