The Open Worldwide Application Security Project (OWASP) has announced that the Business Logic Attack Definition Framework (BLADE Framework) has become The OWASP BLADE Framework Project in the fight against cyber fraud.
The name change reflects the acceptance of the attack framework as an OWASP project and recognition of the framework as an industry standard.
The BLADE Framework was launched as an open-source project in 2022 by Netacea, a specialist in bot management and cyberfraud threat intelligence. BLADE is a “MITRE ATT&CK style” framework to help cyber defenders understand and respond to business logic abuse through a matrix of tactics, techniques and phases (TTPs).
“The OWASP Foundation is proud to welcome the BLADE Framework as an official project. This resource, grounded in years of rigorous research and practical application, represents a significant advancement in the fight against business logic abuse. We are excited to support the continued development and adoption of this framework within the global cybersecurity community,” commented Starr Brown, Director of Open Source Programs and Projects at OWASP.
Business logic attacks, known to cybersecurity experts as bot attacks or automated online fraud, are one of the biggest threats to online enterprises today and the OWASP BLADE Framework Project maintains a globally accessible knowledge base of adversary tactics and techniques based on real-world observations of business logic abuse.
Matthew Gracey-McMinn, VP Threat Services, Netacea, said: “Highly organized criminal groups are spending considerable time and effort learning how to manipulate the logic of enterprise websites, mobile apps and APIs in their favor, generating millions of dollars in profit for themselves and causing billions of dollars in damage through cyberfraud, increased infrastructure costs and lost reputation.”
Automated threats like Account Takeover (ATO), scalping and bonus abuse are all too familiar to enterprise security analysts. But new threats and kill chains are appearing every day and are increasingly driven by offensive AI.
Updates to the OWASP BLADE Framework Project announced today include details of several new TTPs, along with linked kill chains and a number of AI-specific business logic threats, including scraper bots that steal content to train AI models.
Experts from the Netacea Threat Intel Center are available to supplement this open-source content with detailed explainers on these new attack vectors along with real world case studies. Netacea also demonstrates how it has battled these attacks successfully on behalf of customers and shows how to apply the OWASP BLADE Framework to help enterprises understand the scope of their bot or automated fraud problem and how to employ cybersecurity tools to mitigate these attacks.
Photo by Steve Johnson on Unsplash
