pentest-race-conditions

Purpose Exploit applications that fail to handle concurrent requests atomically — enabling double-spend, limit bypass, privilege escalation through parallel requests. Absent from standard WSTG categories but critical in real-world assessments.

| Timing Attacks | Turbo Intruder, race-the-web | Microsecond-synchronized parallel requests | | Async Scripting | Python asyncio/aiohttp, httpx | Custom race condition scripts | | Shell Concurrency | GNU parallel, xargs, curl | Quick parallel request testing | | Proxy Analysis | Burp Suite Repeater | Request replay and timing observation |

| Database Monitoring | pgstatactivity, SHOW PROCESSLIST | Observe lock contention and deadlocks |

Эксплуатация параллелизма — условия гонки, уязвимости TOCTOU и злоупотребление параллельными запросами в веб-приложениях. Источник: jd-opensource/joysafeter.