Explore race condition vulnerabilities in web applications through this 32-minute conference talk from Ekoparty 2022. Delve into the increasing prevalence of race condition reports and their significant impact on major platforms. Examine the challenges in detecting and preventing these vulnerabilities, and understand their potential for creating unforeseen states in program code. Learn about real-world attack scenarios, including MFA bypass, anti-brute force mechanism circumvention, and limit overriding. Discover a newly developed penetration testing tool with a distributed approach and a demo web application for hands-on exploration of race condition attacks. Gain insights into the effectiveness of SAST/DAST tools in identifying these vulnerabilities. Benefit from the expertise of Javan Rasokat, a senior application security specialist with extensive experience in secure coding and penetration testing.
A Race Against Time - How to Exploit Race Conditions in Web Apps
Ekoparty Security Conference via YouTube
Overview
Syllabus
Javan Rasokat - A race against time - How to exploit race conditions in web apps - Ekoparty 2022
Taught by
Ekoparty Security Conference
Related Courses
-
Exploiting Race Condition Vulnerabilities in Web Applications
-
Learn Step by Step Web Hacking and Penetration Testing
-
Smashing the State Machine - The True Potential of Web Race Conditions
-
The Voight-Kampff Test for Discovering Web Application Vulnerabilities
-
Hacking Web Apps
-
Web Application Exploit 101 - Breaking Access Control and Business Logic
