From Application Security and Development Security Technical Implementation Guide
Part of ASDV-PL-001995
Associated with: CCI-003178
A race condition is a timing event within an application that can become a security vulnerability if the calls are not performed in the correct order. A race condition can occur when a pair of programming calls operating simultaneously do not work in a sequential or coordinated manner.
Review the application documentation and architecture. If the application is a COTS application and the vendor will not provide code review test results that demonstrate the application has been tested and is not susceptible to race conditions, the requirement is NA. Interview the application admin and identify the most recent code testing and analysis that has been conducted. Review the test results and verify that the analysis tools are configured to check for the existence of race conditions. If race conditions are identified in the test results, verify the latest test results are being used; if not, ensure remediation has been completed. If the test results show race conditions exist and no remediation evidence is presented, or if test results are not available, this is a finding.
Be aware of potential timing issues related to application programming calls when designing and building the application. Validate that variable values do not change while a switch event is occurring.
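The following is an added example, not part of the STIG text: a check-then-act race between two simultaneous calls, next to a version that coordinates them with a lock. The `Account` class, its method names, and the `pause` hook that holds each caller between the check and the update are all hypothetical and constructed for illustration.

```python
import threading

class Account:
    """Constructed example: shared state touched by two concurrent calls."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount, pause):
        if self.balance >= amount:      # check
            pause()                     # window in which another call can run
            self.balance -= amount      # act on a value that may now be stale
            return True
        return False

    def withdraw_coordinated(self, amount, pause):
        with self._lock:                # check and act form one critical section
            if self.balance >= amount:
                pause()
                self.balance -= amount
                return True
            return False

def run_two_withdrawals(method_name, balance=100, amount=100):
    """Run two simultaneous withdrawals; return (granted_count, final_balance)."""
    account = Account(balance)
    barrier = threading.Barrier(2)
    results = []

    def pause():
        # Hold each caller between check and act until the other arrives,
        # or give up after a short timeout when the lock keeps the other out.
        try:
            barrier.wait(timeout=0.5)
        except threading.BrokenBarrierError:
            pass

    def worker():
        results.append(getattr(account, method_name)(amount, pause))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), account.balance

if __name__ == "__main__":
    print("racy:       ", run_two_withdrawals("withdraw_racy"))
    print("coordinated:", run_two_withdrawals("withdraw_coordinated"))
```

In the racy version both calls pass the balance check before either one updates the value, so both withdrawals are granted against funds that cover only one. With the lock, the second call sees the updated balance and is refused.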