The Business Logic Attack Definition (BLADE) Framework is an open-source knowledge base created to help cybersecurity professionals identify the tactics and techniques adversaries use to exploit weaknesses in the business logic of web-facing systems (websites and APIs). A range of attack frameworks (such as MITRE ATT&CK and the Lockheed Martin Kill Chain) already allow cybersecurity experts to model and respond to traditional cyber-attacks, which aim to exploit technology weaknesses in systems. These frameworks are not well suited to modelling business-logic-focused attacks, yet these kinds of attacks are becoming increasingly common.
Netacea's threat research team has worked with a range of security professionals to capture real-world experience in a framework that organises the range of business logic attack types into a series of comprehensive kill chains. The aim is to allow security professionals to take a proactive approach to putting defences in place against automated and business-logic-targeted attacks.
If you wish to provide feedback or join the project team, please refer to the Contribute page for guidelines on how to do so. For further guidance on how to read and understand the framework please refer to the Resources page.