OWASP TimeGap Theory is an auto-scoring capture-the-flag game. Unlike other CTFs, TimeGap Theory focuses only on TOCTOU (time-of-check to time-of-use) vulnerabilities. There are seven unique challenges, and all of them can be solved using browser dev tools, so there is no need to fiddle with a proxy setup. Setting up the TimeGap Theory lab is also very easy: you can either issue a docker command or do a one-click install on Heroku to get the lab running.
TimeGap Theory is free and open-source. This means all this amazing stuff is going to cost you exactly ZERO money. On top of that, you get books, videos, and even a support channel on Slack in case you get stuck on the TOCTOU journey.
When: Tuesday, October 22nd, 2020
Where: GLOBAL APPSEC® 2020 - VIRTUAL
What: Learn to Exploit TOCTOU Race-Condition Vulnerabilities with OWASP TimeGap Theory
Who: Abhi M Balakrishnan
Abhi M Balakrishnan is an application security consultant from Security Compass, San Francisco. Abhi is here to introduce his new project - OWASP TimeGap Theory.
In the past, he has been the project leader for OWASP Mantra, OWASP Bricks, Alert Labs, Bricktown, web-app security testing with browsers, and Snow. At Security Compass, he spends most of his time either with developers creating threat models or customizing SD-Elements solutions.