Test for Process Timing
OWASP Web Security Testing Guide 4.2 > 10. Business logic Testing > 10.4. Test for Process Timing
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
10.4 | WSTG-BUSL-04 | Test for Process Timing | - Review the project documentation for system functionality that may be impacted by time. Such as execution time or actions that help users predict a future outcome or allow one to circumvent any part of the business logic or workflow. For example, not completing transactions in an expected time. - Develop and execute the mis-use cases ensuring that attackers can not gain an advantage based on any timing (Race Condition). |