pentest-business-logic
Installation
SKILL.md
Pentest Business Logic
Purpose
Identify flaws in application workflow enforcement, business rule validation, and state machine integrity that cannot be found by taint analysis or pattern matching. These vulnerabilities require understanding intended behavior and finding deviations.
Prerequisites
Authorization Requirements
- Written authorization with explicit scope for business logic testing
- Test accounts at multiple privilege levels (user, admin, premium, etc.)
- Test payment methods or sandbox payment environment for financial testing
- Rollback plan for any data-mutating tests (order creation, account changes)
Environment Setup
- Burp Suite Professional with Repeater/Intruder configured
- Playwright or Selenium for multi-step browser automation
- Proxy configured to capture all application traffic
- Test data seeded for workflow testing (products, coupons, user accounts)