A Race Against Time - How to Exploit Race Conditions in Web Apps

Explore race condition vulnerabilities in web applications through this 32-minute conference talk from Ekoparty 2022. Delve into the increasing prevalence of race condition reports and their significant impact on major platforms. Examine the challenges in detecting and preventing these vulnerabilities, and understand their potential for creating unforeseen states in program code. Learn about real-world attack scenarios, including MFA bypass, anti-brute force mechanism circumvention, and limit overriding. Discover a newly developed penetration testing tool with a distributed approach and a demo web application for hands-on exploration of race condition attacks. Gain insights into the effectiveness of SAST/DAST tools in identifying these vulnerabilities. Benefit from the expertise of Javan Rasokat, a senior application security specialist with extensive experience in secure coding and penetration testing.