From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)
Race conditions
- [Instructor] Race conditions are a particularly dangerous security flaw and require careful attention from software developers and security professionals in order to prevent them. A race condition occurs when the proper functioning of a security control depends upon the timing of activities performed by the computer or the user. If the timing doesn't occur as expected, the software may behave in an unexpected manner. A common example of a race condition is a Time of Check to Time of Use, or TOCTOU, vulnerability. In a TOCTOU vulnerability, software first checks to see whether an activity is authorized and then waits some time before performing the action that is authorized. The catch is that the authorization status might have changed during the time that elapsed. Let's take a look at an example of a bank account. Imagine an ATM machine that dispenses cash. The algorithm for the machine might work something like this.…
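The check-then-use gap described in the transcript, as an added Python example that is not taken from the course and does not reproduce its ATM algorithm. The names `Account`, `withdraw_racy`, `withdraw_atomic` and `run` are hypothetical, and the `threading.Barrier` is a constructed stand-in for the elapsed time between check and use, so that the interleaving is the same on every run.

```python
import threading

class Account:
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

def withdraw_racy(acct, amount, gate):
    """Check first, act later: the TOCTOU pattern."""
    authorized = acct.balance >= amount   # time of check
    gate.wait()                           # constructed gap: every thread has checked by now
    if not authorized:
        return False
    with acct.lock:                       # the debit is atomic, the decision is stale
        acct.balance -= amount            # time of use
    return True

def withdraw_atomic(acct, amount, gate):
    """Check and debit inside one critical section."""
    gate.wait()                           # same contention as above
    with acct.lock:
        if acct.balance < amount:
            return False
        acct.balance -= amount
        return True

def run(withdraw, start=100, amount=100, clients=2):
    """Return (final balance, number of withdrawals that dispensed cash)."""
    acct = Account(start)
    gate = threading.Barrier(clients)
    dispensed = []
    def worker():
        dispensed.append(withdraw(acct, amount, gate))
    threads = [threading.Thread(target=worker) for _ in range(clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sum(dispensed)

if __name__ == "__main__":
    print("racy  :", run(withdraw_racy))
    print("atomic:", run(withdraw_atomic))
```

Locking only the debit does not help in `withdraw_racy`, because the authorization decision was made outside the lock; the fix is to make the check and the use a single atomic step.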