Race conditions in software arise when two concurrent threads of execution access a shared resource in a way that unintentionally produces different results; depending on the time at which the code is executed. For example, a multi-threaded program may spawn 2 threads that have access to the same location in memory.
What is ARP Poisoning or ARP Spoofing attack?
ARP spoofing attack is an attack in which an attacker sends falsified ARP (Address Resolution Protocol) messages over LAN. As a result, the attacker can link his MAC address with the IP address of a legitimate computer (or server) on the network.
What follows in the article is a brief overview of a OWASP Top 10 2017 vulnerability - A7-Insufficient Attack Protection.
This post is useful for beginners who want to understand about Insufficient Attack Protection and for developers to help protect their applications against this vulnerability.
Whenever a user with malicious intention visits any application, his first motive is to damage the application or to create a sense of panic among the application’s admins or users who are using the application.
It is natural behaviour for most attackers targeting an application to perform extensive research about the application, its services and categories of users accessing the application. The research usually starts with an ‘information gathering’ phase which includes collecting information about the application stack and usernames that are available to any random user who has access to the application, in addition to observing contact-us forms’ structures.
Once the attackers have enough information about the application, they try to start with their attacks on the application.