什么是 pentest-business-logic?
业务逻辑漏洞测试 — 工作流程绕过、支付操纵、状态机滥用和功能限制规避(根据 WSTG-BUSL)。 来源:jd-opensource/joysafeter。
·pentest-business-logic
!
pentest-business-logic
✓业务逻辑漏洞测试 — 工作流程绕过、支付操纵、状态机滥用和功能限制规避(根据 WSTG-BUSL)。
如何安装 pentest-business-logic
通过命令行快速安装 pentest-business-logic AI 技能到你的开发环境
- 打开终端: 打开你的终端或命令行工具(如 Terminal、iTerm、Windows Terminal 等)
- 运行安装命令: 复制并运行以下命令:npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-business-logic
- 验证安装: 安装完成后,技能将自动配置到你的 AI 编程环境中,可以在 Claude Code、Cursor 或 OpenClaw 中使用
来源:jd-opensource/joysafeter。
SKILL.md
查看原文Purpose Identify flaws in application workflow enforcement, business rule validation, and state machine integrity that cannot be found by taint analysis or pattern matching. These vulnerabilities require understanding intended behavior and finding deviations.
| WSTG-BUSL-01 | Test Business Logic Data Validation | ✅ | | WSTG-BUSL-02 | Test Ability to Forge Requests | ✅ | | WSTG-BUSL-03 | Test Integrity Checks | ✅ | | WSTG-BUSL-04 | Test for Process Timing | ✅ | | WSTG-BUSL-05 | Test Number of Times a Function Can Be Used Limits | ✅ | | WSTG-BUSL-06 | Testing for the Circumvention of Work Flows | ✅ |
| WSTG-BUSL-07 | Test Defenses Against Application Misuse | ✅ | | WSTG-BUSL-08 | Test Upload of Unexpected File Types | ✅ | | WSTG-BUSL-09 | Test Upload of Malicious Files | ✅ | | WSTG-BUSL-10 | Test Payment Functionality | ✅ |
可引用信息
为搜索与 AI 引用准备的稳定字段与命令。
- 安装命令
npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-business-logic- 分类
- !安全工具
- 认证
- ✓
- 收录时间
- 2026-02-25
- 更新时间
- 2026-03-10
快速解答
如何安装 pentest-business-logic?
打开你的终端或命令行工具(如 Terminal、iTerm、Windows Terminal 等) 复制并运行以下命令:npx skills add https://github.com/jd-opensource/joysafeter --skill pentest-business-logic 安装完成后,技能将自动配置到你的 AI 编程环境中,可以在 Claude Code、Cursor 或 OpenClaw 中使用
这个 Skill 的源码在哪?
https://github.com/jd-opensource/joysafeter
详情
- 分类
- !安全工具
- 来源
- skills.sh
- 收录时间
- 2026-02-25