Kelly Jackson Higgins over at Dark Reading had a very interesting article: "Cyberattacks don't always employ exploited vulnerabilities: Sometimes they prey on weaknesses in the business processes of an application -- so-called business-logic flaws. Web application security software vendor and security-as-a-service provider NT Objectives today released a list of the top 10 business logic attack vectors out there. A business logic flaw, for example, would entail using a simple script to manipulate the results of an online poll, or a shopping cart app with logic errors that allow attackers to bypass authentication and not actually pay for items." The article has a PDF Download with the Top 10 Business Logic Attack Vectors.