Abuse of Functionality

Description

An Abuse of Functionality attack is the misuse of inherent application features. Although many Abuse of Functionality attacks occur solely through using valid features in an unexpected or undesirable way, others may exploit business logic vulnerabilities, or insufficient anti-automation vulnerabilities. The misuse may adversely affect the application itself, applications’ users, application data, and application owners.

Abuse of Functionality can be mistakenly reported as Denial of Service (DoS), but DoS is often only a side-effect of the intended Abuse of functionality attack, not the primary aim.

References

CAPEC: Abuse Existing Functionality Abuse of Functionality OWASP Automated Threat Handbook - Web Applications