OWASP TimeGap Theory
Learn TOCTOU security issues in web-apps by solving CTF challenges
Learn
Find and Exploit TOCTOU issues
Did they tell you that TOCTOU issues just happens to money transfer pages? They are wrong. It can happen to many scenarios. Let's learn some of them. Let's learn where to find them, how to find them, and how to exploit them. For fun and profit!Teach
Enlighten people around you
Were you looking for a platform and tools to teach people around you about TOCTOU issues? OWASP TimeGap Theory is the best for that.
Defend
Safeguard your apps
Do you want the power to look at an app, user flow, or app design and be able to tell if the scenario has room for TOCTOU issues? It's a lovely power to have while sitting in a threat-modeling session, and we can help you achieve it.TimeGap Theory in action.
A quick glimpse before you dive in
Home page of TimeGap Theory
The ultimate root page or landing page of OWASP TimeGap Theory.
See it now!Score page
Track your capture-the-flag progress on the score page. TimeGap Theory is an auto-scoring CTF. Which means you don't have to manually enter flags anywhere. TimeGap Theory will take care of it auto-magically.
See it in action!Settings page
This is OWASP TimeGap Theory's killer feature. You can bend time and make it go slow! It's like "bullet-time" scenes in The Matrix, but only better.
Bullet time
