We develop API security tools for companies all over the world that helps you avoid undefined user behaviour by validating your API specifications. BLST focus on business logic attacks to provide more information, higher impact, and perfect working comfort. In contrast to common attacks, such as SQLI and XSS, each logic attack is usually unique, since it has to exploit a function or a feature that is specific to each application. Here's an example to a logic attack: An online store offers a big discount if you purchase 10 of the same item. First, an attacker adds 10 items to the cart and the discount gets applied. Then, the attacker removes 9 of those items from the cart. And finally, since the system hasn't checked if there are still enough items in the cart, the attacker buys only 1 item and still gets the discount. While this example seems pretty simple and easy to enforce, many developers forget to implement sanity-checks like this in many places. And, of course, there are also much more complicated logic attacks out there. For summary, logic attacks are very common and are unique to each application and feature, and are also very dangerous. Both of those properties makes them very hard to discover using automated tools, but also very important do fix.