Long ago, script kiddies developed the skills or acquired the tools to exploit the vulnerabilities that enable cross-site scripting (XSS) and SQL injection (SQLi) attacks, but exploiting business logic flaws has largely eluded less skilled attackers. The popularity and relative ease of exploiting XSS or SQLi vulnerabilities has led attackers to place less emphasis on challenging business logic flaws. Yet, according to