Timing Attacks


Time is one of the key parameters in a pentester’s work. It can either interfere with security analysis efforts by reminding you about the deadline and an eager client, or help you out when performing an audit. How? Take for example the database data extraction technique based on measuring server reply times that’s used in blind SQL injections. However, this approach isn’t limited to database operations. It can also be applied when working with file…