This article examines the differences between logical and technical web application vulnerabilities which tends to be a very confusing topic especially for web application developers and security – penetration experts because it would make sense that a vulnerability by any other name is simply confusing something that should be simple.
However, there are significant differences between technical and logical vulnerabilities which are critically important — especially if you are developing or penetration testing a web application.
Automated web application security scanners are indispensable when it comes to scanning for potential vulnerabilities. Web applications today have become complicated the point where trying to eliminate all vulnerabilities manually is nothing short of foolish. The task is too large to even attempt. And, even if you did, you are likely to miss far too many as a result of human error.
Don’t let that lead you to believe that humans have no place in the process. While computers are indispensable in their ability to tirelessly scan for technical vulnerabilities, humans have the unique ability to not only think logically, but also analytically.
As a result, we still play a critical role in the process of identifying vulnerabilities in websites and web applications and will likely do so for some time to come.
But what is the difference between logical and technical vulnerabilities? And where should humans intervene in the detection process? To understand this, let’s take a closer look at the difference between the two.
Technical vulnerabilities is an area where automated scanners excel — it is a rule-based process. It is also time intensive, because of the vast number of attack vectors and potential vulnerabilities. For a human to complete this process, while possible, would be extremely expensive and likely full of both false-positives and false-negatives.
A common example of a technical vulnerability (for example SQL Injection) would be an application that requires information to be submitted by a user through a form. Any data submitted needs to be properly sanitized and failure to do so could make your application vulnerable to attack.
Testing for this is a simple task. For example, a hacker could probe for a vulnerability by submitting an email address with a single quotation at the end of the text. The response they receive might indicate the presence of a vulnerability.
Now, imagine your web application has 300 potential inputs. Without automation, the process would be time-consuming for both the hacker and the penetration tester. Luckily, the test and the potential result are predictable and repeatable. This makes testing for vulnerabilities like this relatively easy for an automated scanner. Speed and consistency are important in the testing process because it only takes one vulnerability to cause a problem.
Logical vulnerabilities are much harder to detect primarily because they require a human to think about and assess a potential problem. While it’s true that some logical vulnerabilities can be programmed, it’s often cost-prohibitive to do so.
The ability to detect logical vulnerabilities can also be highly dependent upon experience. For example, consider a burglar trying to break into your house.
If the burglar only operated from a technical perspective, they might try to open each door and window in your house and come to the conclusion that it’s either locked or unlocked. If it’s locked, they would move on and try the next one. If it’s unlocked they would realize that a vulnerability is present.
On the other hand, if the burglar operated from a logical perspective and was experienced, they might look at your window and realize that it’s 25 years old. As a result of experience, they might realize that your locking mechanism could be worn out. By simply tilting the window in the right fashion, the lock might pop out of place and the window would open.
This is the kind of logical vulnerability that requires a human to expose it. Now, let's imagine you’re running an eCommerce store. You offer a 40% bulk discount for anyone who purchases 10 or more of a single item. Your web application creates a URL that looks like this when someone places a qualifying order:
Now, imagine if someone came along and decided that they wanted the same 40% discount even if they only bought one item. They might try to use the following URL:
Would the above URL enable them to bypass your quantity requirement? What about this one:
Would this URL allow them to purchase a single item with a 90% discount?
These are just some basic examples of logical vulnerabilities that require input from a human. They also demonstrate the importance of using a security professional who is familiar with your industry and your application. That means hiring someone who has the right kind of experience and who can ask the right questions.
The good news about logical vulnerabilities is that, as a general rule, they are more difficult to find. Not only does a hacker require more skill to find them, but they also can’t use automated tools as easily.
The best real-world description of a logical vulnerability is when an attacker causes your web application to execute or to do something that was not intended to happen — as in the example above where someone was able to generate a discount that they should not have been entitled to.
The Importance of Assessing Technical and Logical Vulnerabilities
In order to properly assess a web application for vulnerabilities, it is critical to consider both technical and logical. Automated tools are invaluable when it comes to efficiency and reliability. They are thorough, tireless and, when setup properly, very reliable.
But that does not mean human input can be removed from the process. When it comes to assessing a situation from a logical and analytical perspective and considering potential outcomes, the human mind wins the battle every time.
Hopefully, this post makes clear the importance of using both automated tools and live penetration testers. Neither is 100% reliable but, when used in conjunction with one another, they provide a solution that is both cost-effective and reliable. Read more about web application vulnerabilities and testing methods by visiting our Web Application security scanner section.