Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called ‘Get Rich or Die Trying – Making Money on The Web, The Black Hat Way’. They went over several real-world examples of business logic flaws, some of which were exploited for (a lot of) profit.

The Get Rich or Die Trying slides are now online. After reviewing the slides, I remembered the Pepsi contest back in 2005 where they were giving away an Xbox 360 every 10 minutes. The hacks resulted in a 99% chance of winning an Xbox 360 in the contest. I’m not sure how many people ‘won’ an Xbox 360 using this method, but it took the contest owner several days to fix the issue.

Update: If you are in the Chicago, Illinois area, Jeremiah will be doing an encore presentation at OWASP Chicago on August 21st.