Web pentester prompt: add business-logic abuse backlog section #380

Merged: vmayoral merged 1 commit into aliasrobotics:main from CristiVlad25:add-business-logic-tests on Jan 15, 2026

@CristiVlad25
Contributor

Summary:

  • Add a new “Business-Logic Abuse Backlog (10-15 app-specific test vectors)” section to the Web Pentester system prompt.
  • Instructs the agent to generate app-specific, observed-flow abuse tests (state skips, replay, race, entitlement bypass) to drive focused validation.

Why:

  • Business-logic vulns are app-specific and high-impact; this prompts consistent, structured discovery of abuse vectors after initial navigation.

Testing:

  • N/A (prompt-only change)

Notes:

  • Non-destructive by default; escalates to asking before irreversible-impact tests.

@vmayoral vmayoral merged commit e796efb into aliasrobotics:main Jan 15, 2026
1 check passed