pentest-business-logic

Pentest Business Logic

Purpose

Identify flaws in application workflow enforcement, business rule validation, and state machine integrity that cannot be found by taint analysis or pattern matching. These vulnerabilities require understanding intended behavior and finding deviations.

Prerequisites

Authorization Requirements

  • Written authorization with explicit scope for business logic testing
  • Test accounts at multiple privilege levels (user, admin, premium, etc.)
  • Test payment methods or sandbox payment environment for financial testing
  • Rollback plan for any data-mutating tests (order creation, account changes)

Environment Setup

  • Burp Suite Professional with Repeater/Intruder configured
  • Playwright or Selenium for multi-step browser automation
  • Proxy configured to capture all application traffic
  • Test data seeded for workflow testing (products, coupons, user accounts)

First Seen: Feb 18, 2026