Exploiting Race Conditions in Web Applications

Description

A race condition attack is one of the most dangerous and underestimated attacks in modern web applications. Many people claim that this attack is not exploitable in real-world applications, but they are wrong.

In this course, you’ll learn how a race condition attack works. You’ll see how the attacker, who has $1000 in his bank account, can transfer more than $1000 from his bank account as a result of a race condition attack. You’ll also see how the attacker can reuse a one-time discount code many times as a result of a race condition attack. These attacks will be presented step by step in the demos so that you can see how race condition exploitation works in practice. What’s more - you'll learn how to check if your web applications are vulnerable to race condition attacks and you’ll also learn how to prevent these attacks from happening.

Last but not least – I’ll discuss case studies of award-winning race condition attacks. You’ll see that some of the greatest companies in the world (e.g. Facebook, Starbucks, and HackerOne) were vulnerable to these attacks and fortunately for these companies these bugs were detected and reported by ethical hackers. I hope this sounds good to you and I can’t wait to see you in the class.

What You Will Learn!

• Learn about one of the most dangerous and underestimated attacks in modern web applications
• Discover step by step how this attack works in practice (DEMOS)
• Check if your web applications are vulnerable to this attack
• Explore case studies of award-winning race condition attacks
• Become a successful penetration tester / ethical hacker
• Learn from one of the top hackers at HackerOne

Who Should Attend!

• Penetration testers, ethical hackers, bug hunters, security engineers / consultants

TAKE THIS COURSE