Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Exploiting Race Conditions in Web Applications
Rating: 3.9 out of 5(5 ratings)
133 students

Exploiting Race Conditions in Web Applications

Learn About One of the Most Dangerous and Underestimated Attacks in Modern Web Applications
Created byDawid Czagan
Last updated 5/2023
English

What you'll learn

  • Learn about one of the most dangerous and underestimated attacks in modern web applications
  • Discover step by step how this attack works in practice (DEMOS)
  • Check if your web applications are vulnerable to this attack
  • Explore case studies of award-winning race condition attacks
  • Become a successful penetration tester / ethical hacker
  • Learn from one of the top hackers at HackerOne

Course content

5 sections5 lectures35m total length
  • Introduction1:52

Requirements

  • Basic hacking skills

Description

A race condition attack is one of the most dangerous and underestimated attacks in modern web applications. Many people claim that this attack is not exploitable in real-world applications, but they are wrong.

In this course, you’ll learn how a race condition attack works. You’ll see how the attacker, who has $1000 in his bank account, can transfer more than $1000 from his bank account as a result of a race condition attack. You’ll also see how the attacker can reuse a one-time discount code many times as a result of a race condition attack. These attacks will be presented step by step in the demos so that you can see how race condition exploitation works in practice. What’s more - you'll learn how to check if your web applications are vulnerable to race condition attacks and you’ll also learn how to prevent these attacks from happening.

Last but not least – I’ll discuss case studies of award-winning race condition attacks. You’ll see that some of the greatest companies in the world (e.g. Facebook, Starbucks, and HackerOne) were vulnerable to these attacks and fortunately for these companies these bugs were detected and reported by ethical hackers. I hope this sounds good to you and I can’t wait to see you in the class.

Who this course is for:

  • Penetration testers, ethical hackers, bug hunters, security engineers / consultants