Unfortunately, the conference provided lunch today, but did not provide us time to eat it so I had to eat while listening to this talk.  It was by Trey Ford and Jeremiah Grossman from Whitehat Security and I’m pretty sure they’ve done it before.  You may even be able to download a copy of the presentation off of http://www.whitehatsec.com.  The gist of the presentation is that while you can use a web application vulnerability scanner to find things like SQL injection or cross-site scripting, there are still a lot of very serious business logic flaws that won’t get caught by those tools.  A malicious person could exploit these business logic flaws for anything from helping a Chihuahua win a dog contest to making millions trading on insider information or running affiliate scams.  Some of the exploits presented were so easy that your mom could figure out how to do it and didn’t require ANY technical skills.  While the presentation may have not been technical enough for the majority of the people attending this conference, I still give props to Whitehat for putting together a decent presentation on how hackers are using business logic flaws to make money on the web.  Be sure to e-mail Whitehat and ask to see the presentation.