OwlAttack/What is a Logic Fracture

What is a Logic Fracture?

A Logic Fracture is a structural flaw in a business workflow, rather than a technical bug in the code. It allows a human attacker to abuse the application in a way that causes real financial or operational damage. No automated scanner can detect one, because finding it requires understanding what the application is supposed to do.

Why scanners cannot find Logic Fractures

Automated scanners work by matching known vulnerability signatures. They look for SQL injection patterns, XSS payloads, misconfigured headers, known CVEs. This works well for technical vulnerabilities with recognisable fingerprints.

A Logic Fracture has no signature. It is not a bug in the code, as the code works exactly as written. The flaw is in the design of the workflow itself. A scanner testing your refund endpoint sees that it responds correctly to valid requests. It does not ask: what happens if I request a refund for an order I did not pay for? What if I initiate two simultaneous refunds for the same order? What if I manipulate the order ID to point to another user's transaction?

These questions require a human who understands both the technical implementation and the business intent. That is what our Application Assessment delivers.

Real examples of Logic Fractures

Refund fraud via race condition

An e-commerce platform processes refunds asynchronously. By sending two concurrent refund requests for the same order before either is committed to the database, an attacker receives two refunds for a single purchase. The code validates each request individually, and both pass. This is not a SQL injection or an XSS. It is a logic flaw in how concurrent state is handled.
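The double-refund race described above, as an added illustration that is not OwlAttack's code: a hypothetical in-memory refund handler in its vulnerable check-then-act form beside a version that claims the refund atomically before any payout, plus a small harness that fires two concurrent requests at each. The `RefundService`, `Order` and `race` names and the sleep standing in for asynchronous processing are all constructed for this example.

```python
import threading
import time
from dataclasses import dataclass

@dataclass
class Order:
    order_id: str
    amount_cents: int
    refunded: bool = False

class RefundService:
    """Hypothetical in-memory refund handler (constructed for this example)."""
    WINDOW = 0.1  # seconds; stands in for the asynchronous delay before the refund is committed

    def __init__(self, orders):
        self.orders = {o.order_id: o for o in orders}
        self.payouts = []  # every refund that was actually paid out, in cents
        self._lock = threading.Lock()

    def refund_vulnerable(self, order_id):
        order = self.orders[order_id]
        if order.refunded:  # check: each request validates on its own and passes...
            return False
        time.sleep(self.WINDOW)  # ...while the state change is only committed later
        self.payouts.append(order.amount_cents)
        order.refunded = True  # both concurrent requests get here: two payouts for one order
        return True

    def refund_fixed(self, order_id):
        # Claim the refund atomically before any money moves. In a database this is a
        # conditional update (UPDATE ... WHERE refunded=0) that succeeds for exactly one request.
        with self._lock:
            order = self.orders[order_id]
            if order.refunded:
                return False
            order.refunded = True
        time.sleep(self.WINDOW)
        self.payouts.append(order.amount_cents)
        return True

def race(service, handler, order_id, requests=2):
    """Fire `requests` concurrent refund calls; return (refunds granted, cents paid out)."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(handler(order_id)))
               for _ in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), sum(service.payouts)
```

The vulnerable handler grants both refunds and pays out twice; the fixed handler grants exactly one, and the detection signal to log is the rejected duplicate, which is exactly what a single-request scanner never triggers.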

Price manipulation through parameter tampering

A checkout workflow sends the item price client-side and trusts it server-side for the final charge. By intercepting the request and modifying the price field, an attacker purchases a product at any price they choose. The application logic validates that a price is present and positive, but it does not validate that it matches the catalogue.

Multi-tenant data exposure

A SaaS platform uses sequential numeric IDs for resources. An authenticated user for tenant A queries a document with ID 4821. By incrementing to 4822, they retrieve a document belonging to tenant B. The application correctly authenticates the user, but it does not verify that the user belongs to the tenant that owns the resource.

Account takeover via password reset abuse

A password reset flow sends a token by email and also accepts it as a URL parameter. The token has a 24-hour expiry and is invalidated after use. However, the same token can be used to reset the password for a different account if the account ID parameter is modified in the reset confirmation request. Authentication is checked, but the binding between token and account owner is not enforced.

The business impact of Logic Fractures

Logic Fractures are often more damaging than technical vulnerabilities because they are targeted at the most valuable part of your application: the business logic that generates revenue or handles sensitive data. A refund fraud vulnerability in a payments platform is directly exploitable for financial gain. A multi-tenant access flaw in a SaaS product exposes competitor data and triggers GDPR breach notifications.

Under NIS2 and DORA, organisations are required to demonstrate resilience against real-world attack scenarios. A regulatory auditor asking for evidence of application security testing will not accept a scanner report that missed the Logic Fractures exploitable by any motivated attacker.

How OwlAttack finds Logic Fractures

Our Application Assessment begins with business workflow mapping. Before any testing, we document your critical flows: payments, refunds, account management, inventory, multi-tenant access, export and import functions. This gives us the context to ask the right questions.

Testing is entirely manual. No automated scanners are used. Every finding is confirmed by hand and documented with a complete proof of concept, reproduction steps, and specific remediation guidance. In parallel, we cover the full OWASP Top 10, producing audit-ready documentation for NIS2 and DORA compliance submissions.

Find the Logic Fractures in your application

Manual testing only. Results within 3 to 4 weeks. Serving EU companies subject to NIS2 and DORA.

Request an Application Assessment