business logic

What is business logic and how does it work?

In programming, business logic is the part of a software program responsible for implementing the business rules that define how data should be created, modified, transformed, communicated and in other ways managed and controlled. An application's business logic serves as its backbone, providing the foundation necessary to drive the application's core processes, workflows and other operations.

Business logic determines how and when to carry out operations such as transactions or calculations, building off the applicable business rules. Business logic defines the tasks and procedural steps necessary to perform these operations, often incorporating if-then logic that determines task flow. The business logic also controls interactions between business objects and defines the parameters that determine how each task is executed.

Examples of business logic

Here's one use case: A business rule for an e-commerce site might specify the proper amount of sales tax that should be applied to each sale based on the customer's location and what the customer purchased. To enforce this business rule, the application's business logic defines a sequence of operations that carry out the following tasks:

1. Gather the necessary sales information from the presentation layer or user interface.
2. Determine if a sales tax applies to this specific location and product by querying the backend database. If no sales tax applies, skip to Step 5.
3. Calculate the amount of tax for the particular sale.
4. Add that sales tax to the sales total.
5. Communicate the results to the presentation layer.

Calculating sales tax is only one of the many operations the business logic must address for an e-commerce site. For example, it might also need to apply discounts; calculate shipping charges; check inventory levels; verify payment methods, including credit card information; update contact information or carry out other tasks that ensure the validity of the information entered. At the same time, these operations must be carefully orchestrated to ensure consistency and reliability, while managing the flow of data and ensuring its security.

An application's business logic lies at the heart of any enterprise and is responsible for a range of business processes and operations that encode the applicable business rules. Business logic enforces data consistency across the organization's domain to ensure its integrity and reliability. It also controls which users and services can access and modify data, while at the same time preventing modifications that could affect the data's integrity and reliability.

Business logic plays a key role in the three-tiered architecture commonly used in application design. The tiers include a presentation layer, a business logic layer and a data access layer. The business logic layer acts as an intermediary between the presentation and data access layers, while supporting the application's core business functions. The business logic layer implements the components necessary to process and manipulate data, execute workflows and manage communications between the three layers.

Business logic vulnerabilities

Because business application logic plays such a vital role in application design, cybercriminals often target this layer, looking for flaws in either its design or implementation. In some cases, an organization might not realize that an application has been under attack until it's too late and the system and its data have already been compromised.

To mitigate the risks from cyberthreats, development teams should consider security and privacy early in the design stage, with development and security teams working closely together toward the common goal of data protection. They should also incorporate good development practices such as code reviews, security testing and ongoing monitoring.

Automated user interface testing includes maintenance, change management, debugging and business logic challenges. Learn how IT teams can navigate these obstacles.