Race conditions are one of the most interesting vulnerabilities in modern web applications. They stem from simple programming mistakes developers often make, and these mistakes have proved costly: attackers have used race conditions to steal money from online banks, e-commerce sites, stock brokerages, and cryptocurrency exchanges.

Let’s dive into how and why these vulnerabilities happen, and how you can find them and exploit them.

Mechanisms

A race condition happens when two sections of code that are designed to be executed in a sequence get executed out of sequence. To understand how this works, you need to first understand ...