StackHawk adds Business Logic Testing (BLT) to its AppSec platform menu
StackHawk is adding Business Logic Testing (BLT) to its AppSec offerings. StackHawk's BLT automates the detection of critical authorization flaws, a class of vulnerability that the company says accounts for 34% of security breaches.
Business logic flaws such as broken object level authorization (BOLA) and broken function level authorization (BFLA) are top application security concerns, and StackHawk's new BLT solution directly addresses them. Identifying these flaws requires exercising a running application with several authenticated users at once, functionality that SAST and legacy single-session DAST tools fundamentally lack.
Until now, manual penetration testing has been the only option for AppSec teams, consuming budget and internal team time and failing to scale with modern development velocity.
Key features of StackHawk Business Logic Testing:
- Multi-user role testing: Allows detection of BOLA and BFLA vulnerabilities by configuring multiple user profiles to evaluate both horizontal authorization (User A accessing User B's data, i.e. BOLA) and vertical authorization (a regular user invoking admin-only functions, i.e. BFLA).
- Context-aware test orchestration: Automatically generates intelligent test sequences from OpenAPI specifications, coordinating requests across user profiles to test whether authorization boundaries hold—no manual configuration of test flows required. StackHawk understands how your APIs relate: what order endpoints should be called, what data from one response feeds into the next request, and how to generate contextually appropriate test data.
- Transparent test sequences: Visualized test sequence evidence in the StackHawk platform provides a comprehensive view of which roles were exercised, which parameters were extracted and injected, and the exact chain of steps leading to each discovered business logic flaw.
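To make the three features above concrete, here is an added example of the kind of multi-user authorization test they describe. It is not StackHawk code and does not use the StackHawk platform or its OpenAPI-derived sequences: the toy `ToyApi`, the `SEQUENCE` step format, the `victim`/`attacker` profile names and the `{note_id}` extraction convention are all constructed for this illustration. The harness runs an ordered sequence, pulls an identifier out of one response and injects it into a later request, and flags a horizontal (BOLA) or vertical (BFLA) failure when a request that should be refused succeeds. A baseline step confirms the owner can still read their own object, so a service that returns 403 for everything is not mistaken for a secure one.

```python
from dataclasses import dataclass, field

# Constructed in-process stand-in for a real HTTP service. The 'vulnerable'
# flag toggles the two authorization checks so the harness has something to find.
@dataclass
class ToyApi:
    vulnerable: bool = True
    users: dict = field(default_factory=lambda: {
        "tok-alice": {"id": "alice", "role": "user"},
        "tok-bob":   {"id": "bob",   "role": "user"},
        "tok-root":  {"id": "root",  "role": "admin"},
    })
    notes: dict = field(default_factory=dict)
    _seq: int = 0

    def call(self, method, path, token, body=None):
        """Dispatch a request; returns (status, json_body)."""
        user = self.users.get(token)
        if user is None:
            return 401, {}
        parts = path.strip("/").split("/")
        if (method, parts[0]) == ("POST", "notes"):            # POST /notes
            self._seq += 1
            nid = str(self._seq)
            self.notes[nid] = {"id": nid, "owner": user["id"], "text": body["text"]}
            return 201, self.notes[nid]
        if method == "GET" and parts[0] == "notes" and len(parts) == 2:  # GET /notes/{id}
            note = self.notes.get(parts[1])
            if note is None:
                return 404, {}
            if not self.vulnerable and note["owner"] != user["id"]:
                return 403, {}       # object-level check: its absence is BOLA
            return 200, note
        if (method, parts[0]) == ("DELETE", "admin"):          # DELETE /admin/users/{id}
            if not self.vulnerable and user["role"] != "admin":
                return 403, {}       # function-level check: its absence is BFLA
            return 200, {"deleted": parts[2]}
        return 404, {}

# Constructed user profiles: both are ordinary users, so 'attacker' reaching
# the victim's note is horizontal, and reaching an admin route is vertical.
PROFILES = {
    "victim":   {"token": "tok-alice", "id": "alice"},
    "attacker": {"token": "tok-bob",   "id": "bob"},
}

# Constructed test sequence (a hand-written stand-in for steps derived from a
# spec): who acts, what to call, which response field to carry forward, and
# the status the authorization boundary should produce.
SEQUENCE = [
    {"name": "create",   "as": "victim",   "method": "POST",   "path": "/notes",
     "body": {"text": "private"}, "extract": {"note_id": "id"}},
    {"name": "baseline", "as": "victim",   "method": "GET",    "path": "/notes/{note_id}",
     "expect": 200, "flaw": "HARNESS-BASELINE"},
    {"name": "bola",     "as": "attacker", "method": "GET",    "path": "/notes/{note_id}",
     "expect": 403, "flaw": "BOLA"},
    {"name": "bfla",     "as": "attacker", "method": "DELETE", "path": "/admin/users/{victim_id}",
     "expect": 403, "flaw": "BFLA"},
]

def run_sequence(api, profiles, sequence):
    """Execute the steps in order. Returns one finding per violated expectation,
    each carrying the full trail of requests that led to it (the 'evidence')."""
    ctx = {name + "_id": p["id"] for name, p in profiles.items()}  # victim_id, attacker_id
    trail, findings = [], []
    for step in sequence:
        path = step["path"].format(**ctx)            # inject extracted values
        token = profiles[step["as"]]["token"]
        status, resp = api.call(step["method"], path, token, step.get("body"))
        trail.append(f'{step["as"]} {step["method"]} {path} -> {status}')
        for var, key in step.get("extract", {}).items():
            ctx[var] = resp[key]                     # extract for later steps
        if "expect" in step and status != step["expect"]:
            findings.append({"flaw": step["flaw"], "step": step["name"],
                             "status": status, "trail": list(trail)})
    return findings

if __name__ == "__main__":
    for vulnerable in (True, False):
        print(f"vulnerable={vulnerable}:")
        for f in run_sequence(ToyApi(vulnerable=vulnerable), PROFILES, SEQUENCE):
            print(" ", f["flaw"], "at step", f["step"], "-", " | ".join(f["trail"]))
```

Against the vulnerable service the harness reports both a BOLA (bob reads alice's note) and a BFLA (bob deletes a user through the admin route); against the fixed service it reports nothing. The trail attached to each finding is what a reviewer needs to reproduce it: which profile made each call, which extracted identifier was injected, and the status at every step.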
“Authorization testing has been notoriously difficult to automate because it requires orchestrating multiple user sessions and understanding complex API relationships,” said Scott Gerlach, CSO of StackHawk.
“This is why most organizations still rely on manual pentesting, which is expensive and time-consuming. But now teams can use StackHawk’s BLT solution to automatically run multi-user tests and leverage context-aware orchestration to find business logic flaws,” Gerlach concluded.