Talk:Testing for business logic (OWASP-BL-001)

Revision as of 07:42, 25 June 2008 by Rick.mitchell

Description of Issues - Example 2

There's something missing in Example 2. You've jumped from altering preferences to taking ownership of accounts.

I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user, but how would ownership of that account change? Rick.mitchell 08:42, 25 June 2008 (EDT)