Common bugs and good practices

Race conditions

TOCTOU (Time-of-check to time-of-use)

This is a race condition where a check done on a resource at an earlier time no longer holds when the resource is actually used.

A good example is checking that a file exists, then opening it without checking again. The open can fail because the file may have been deleted in the meantime.

This bug can be exploited by an attacker if, for example, the resource is swapped between the access check and the actual access.
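The exists-then-open pattern beside its fix, as an added example that is not part of the original notes: the safe version opens first and then inspects the descriptor it actually got (fstat), so the check and the use refer to the same object. The file name, the simulated second party and the POSIX-only O_NOFOLLOW flag are assumptions of the example.

```python
import errno
import os
import stat
import tempfile


def read_if_exists_racy(path, between_check_and_use=lambda: None):
    """TOCTOU: the check is on the name, the use happens later on whatever the name points to."""
    if not os.path.exists(path):
        return None
    between_check_and_use()  # stands in for the window another process can use
    with open(path, "rb") as fh:  # may raise, or may read a swapped-in file
        return fh.read()


def read_if_exists_atomic(path):
    """Open first, then check the object that was really opened; no separate exists() step."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except FileNotFoundError:
        return None  # vanished: treat as "does not exist" instead of crashing
    except OSError as exc:
        if exc.errno == errno.ELOOP:
            return None  # a symlink was swapped in and O_NOFOLLOW refused it
        raise
    with os.fdopen(fd, "rb") as fh:
        if not stat.S_ISREG(os.fstat(fh.fileno()).st_mode):
            return None  # the descriptor is checked, not the path
        return fh.read()


def demo():
    """Constructed scenario: a second party deletes the file inside the check/use window."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "config.txt")
    with open(path, "wb") as fh:
        fh.write(b"secret=1\n")
    results = {"atomic_present": read_if_exists_atomic(path)}
    try:
        read_if_exists_racy(path, lambda: os.unlink(path))
        results["racy"] = "read ok"
    except FileNotFoundError:
        results["racy"] = "FileNotFoundError after exists() returned True"
    results["atomic_absent"] = read_if_exists_atomic(path)
    os.rmdir(tmp)
    return results
```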

More info: https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use