OWASP BLADE Framework

The Business Logic Attack Definition (BLADE) Framework is an open-source knowledge base created to help cybersecurity professionals identify the phases, tactics and techniques used by adversaries to exploit weaknesses in the business logic of web-facing systems (websites and APIs). A range of attack frameworks (such as the OWASP Top 10, MITRE ATT&CK and the Lockheed Martin Cyber Kill Chain) already allow cyber-security experts to model and respond to traditional cyber-attacks that aim to exploit technology weaknesses in systems. These frameworks are not well suited to modelling attacks that target business logic, yet these kinds of attacks are becoming increasingly common.

The BLADE framework team has worked with numerous security professionals to capture real-world experience in a framework that organises the range of business logic attack types into a series of comprehensive kill chains. This allows security professionals to take a proactive approach to putting defences in place against automated and business-logic-targeted attacks.

BLADE already has a defined core team and governance model and is currently licensed under the GPL open-source licence.

Road Map

As the BLADE framework is already in production outside of OWASP, the roadmap may differ slightly from that of other, less mature projects. The core goals of the project leadership are as follows:

Immediate Aims:

- Move BLADE v1.0 (stable release) into the OWASP ecosystem as a Lab project
- Public release and community engagement: the BLADE leaders would like to engage with OWASP to promote the framework in April 2025, if possible through press release / conference activity

Calendar Year 2025:

- Conduct webinars, workshops, and conference presentations (OWASP events)
- Expand the contributor network for maintenance and future updates
- Develop advanced use cases and real-world examples of BLADE on the front line
- Publish case studies and success stories from organisations using BLADE
- Move BLADE from Lab stage to Incubator stage

Ongoing Maintenance & Future Enhancements (Calendar Year 2026):

- Move BLADE into Flagship status
- Establish a long-term governance model for maintaining the framework
- Incorporate feedback from new security threats and industry changes
- Create training materials and courseware
- Continue community engagement through workshops and collaboration
- Stretch goal: individual accreditation in BLADE
- Stretch goal: application accreditation in BLADE
