Talk:Testing for business logic (OWASP-BL-001)
Description of Issues - Example 2
There something missing in Example 2. You've jumped from altering preferences to taking ownership of accounts.
I can understand that if I was editing preferences and sent userid 818 I'd alter the preferences of another company's user but how would ownership of that account change? Rick.mitchell 08:42, 25 June 2008 (EDT)