Using a case study to teach students about finding and fixing logic flaws in software

An application logic flaw is a type of software vulnerability related to privilege manipulation or transaction control manipulation. They are often difficult to identify using automated scanners. A case study on the eCommerce merchant software Bigcommerce, integrated with PayPal Express as a third party payment collector, was created to teach students about this topic. Case studies provide students with a real-world context, and help them understand complex topics better than traditional teaching methods. However, the computer science field, especially computer security, does not have many case studies available. The case study on logic flaws in software was taught in Spring 2015, and the teaching experience is discussed.