Agent skill
detecting-logic-bypass
Detects logic bypass vulnerabilities including authentication bypass, authorization bypass, and business logic flaws. Use when analyzing authentication mechanisms, access controls, or investigating security control bypasses.
Stars
163
Forks
31
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/security/detecting-logic-bypass
SKILL.md
Logic Bypass Detection
Detection Workflow
- Identify security controls: Find authentication mechanisms, authorization checks, validation functions, business logic rules
- Trace control flow: Use
xrefs_toto trace paths, identify bypass opportunities, check for missing checks - Check validation logic: Review validation functions, test bypass scenarios, assess validation completeness
- Assess bypass impact: What security control is bypassed? What's the business impact? How severe is the bypass?
Key Patterns
- Authentication bypass: weak password checks, session token weaknesses, timing attacks
- Authorization bypass: missing permission checks, insecure direct object references, privilege escalation
- Input validation bypass: blacklist-based validation, insufficient sanitization, regex bypass
- Business logic bypass: race conditions, state manipulation, transaction abuse
Output Format
Report with: id, type, subtype, severity, confidence, location, vulnerability, security control, bypass method, attack scenario, bypass steps, exploitability, impact, mitigation.
Severity Guidelines
- CRITICAL: Complete bypass of primary security control
- HIGH: Bypass of important security control
- MEDIUM: Partial bypass or edge case bypass
- LOW: Limited bypass with minor impact
See Also
patterns.md- Detailed detection patterns and exploitation scenariosexamples.md- Example analysis cases and code samplesreferences.md- CWE references and mitigation strategies
Didn't find tool you were looking for?