From the course: CompTIA CySA+ (CS0-002) Cert Prep: 2 Vulnerability Management (2020)

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Race conditions

Race conditions

- [Instructor] Race conditions are a particularly dangerous security flaw and require careful attention from software developers and security professionals in order to prevent them. A race condition occurs when the proper functioning of a security control depends upon the timing of activities performed by the computer or the user. If the timing doesn't occur as expected, the software may behave in an unexpected manner. A common example of a race condition is a Time of Check to Time of Use, or TOCTOU, vulnerability. In a TOCTOU vulnerability, software first checks to see whether an activity is authorized and then waits some time before performing the action that is authorized. The catch it that the authorization status might have changed during the time that elapsed. Let's take a look at an example of a bank account. Imagine an ATM machine that dispenses cash. The algorithm for the machine might work something like this.…

Contents