pentest-business-logic-abuse | Skill Performance & Reviews | TopRankSkills

TopRank Skills

Home / Skills / tools / pentest-business-logic-abuse

pentest-business-logic-abuse

maintained by NeverSight

star 66 account_tree 19 verified_user MIT License
bolt View GitHub

name: pentest-business-logic-abuse description: "Security assessment skill for business workflow abuse, state-machine manipulation, and control-plane logic flaws. Use when prompts include workflow bypass, race condition, replay, quota abuse, order-of-operations flaws, delegated execution abuse, or unauthorized state transitions. Do not use for pure input injection fuzzing, broad recon, or standalone report formatting tasks."

Business Logic Abuse

Activation Triggers (Positive)

  • business logic
  • workflow bypass
  • race condition
  • state transition
  • replay
  • quota abuse
  • confused deputy
  • delegated execution

Exclusion Triggers (Negative)

  • payload fuzzing only
  • endpoint recon only
  • report polishing only

Output Schema

  • Workflow model: step, required controls, bypass hypothesis
  • Abuse sequence: ordered requests/events with timing notes
  • Impact proof: unauthorized state change and resulting capability

Instructions

  1. Model intended state transitions before adversarial testing.
  2. Identify assumptions in sequencing, concurrency, and cross-system coordination.
  3. Execute minimal abuse sequences that challenge those assumptions.
  4. Confirm impact through observable unauthorized state or action outcomes.
  5. Validate whether fixes require control relocation, not only input filtering.
  6. Hand off only confirmed primitives for exploit execution.

Should Do

  • Treat logic abuse as system-behavior testing, not payload-only testing.
  • Use time-aware evidence for race and replay cases.
  • Include reversible test design for stateful systems.

Should Not Do

  • Do not report logic flaws without demonstrated unauthorized effect.
  • Do not overuse concurrency that risks stability.
  • Do not substitute theoretical abuse paths for confirmed execution evidence.

chat Comments (0)

chat_bubble_outline

No comments yet. Be the first to share your thoughts!

Skill Details

GitHub Stars 66
GitHub Forks 19
Created Mar 2026
Last Updated 3 months ago
tools tools debugging

Related Skills

fabric
chevron_right
typescript-expert
chevron_right
break-loop
chevron_right
burp-suite
chevron_right
page-behavior-audit
chevron_right

Build your own?

Join 12,000+ developers contributing to the Claude ecosystem.