Exploiting Race Condition Vulnerabilities in Web Applications
Hack In The Box Security Conference via YouTube
Overview
Explore race condition vulnerabilities in web applications through this comprehensive conference talk from the Hack In The Box Security Conference. Dive into the increasing prevalence of race condition reports and their significant impact on major platforms. Understand the challenges in detecting these vulnerabilities and their potential for exploitation. Learn about various attack scenarios, including MFA bypass, circumvention of anti-brute-force mechanisms, and limit overriding. Examine a custom-developed penetration testing tool and a vulnerable demo application to witness real-world attack scenarios. Gain insights into the limitations of current SAST/DAST tools in preventing and testing for race condition vulnerabilities. Master the concepts of race condition and time-of-check to time-of-use (TOCTOU) vulnerabilities, their attractiveness to attackers, and their often-overlooked nature in penetration testing. Discover how easily these vulnerabilities can exist in various web programming languages and frameworks. Acquire practical skills for identifying and testing race conditions during penetration testing, guided by the expertise of Javan Rasokat, a senior application security specialist with extensive experience in secure coding and vulnerability research.
Syllabus
#HITB2022SIN #COMMSEC Exploiting Race Condition Vulnerabilities In Web Applications - Javan Rasokat
Taught by
Hack In The Box Security Conference