ASVS Requirement 15.4.2
- Level: 3
- Chapter: V15 Secure Coding and Architecture
- Section: V15.4 Safe Concurrency
- Source: 0x24-V15-Secure-Coding-and-Architecture.md
Description
Verify that checks on a resource's state, such as its existence or permissions, and the actions that depend on them are performed as a single atomic operation to prevent time-of-check to time-of-use (TOCTOU) race conditions. For example, checking if a file exists before opening it, or verifying a user’s access before granting it.
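The file-existence case from the description, as an added example that is not part of the ASVS text: a check-then-open routine beside a version where the existence check and the creation are one `open(2)` call with `O_CREAT | O_EXCL`. The function names, the `window` hook that stands in for a concurrent process, and the file contents are constructed for illustration.

```python
import os
import tempfile


def racy_create(path, data, window=lambda: None):
    """Check-then-act: the existence test and the open are separate steps."""
    if os.path.exists(path):            # time of check
        return False
    window()                            # constructed hook: a concurrent actor runs here
    with open(path, "w") as f:          # time of use: truncates whatever exists now
        f.write(data)
    return True


def atomic_create(path, data, window=lambda: None):
    """The kernel tests for existence and creates the file in one operation."""
    window()                            # same interference, but no gap to land in
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    try:
        fd = os.open(path, flags, 0o600)    # O_EXCL: fail if the name already exists
    except FileExistsError:
        return False
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def demo():
    """Run both variants while a second writer creates the file first."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, create in (("racy", racy_create), ("atomic", atomic_create)):
            path = os.path.join(d, name + ".txt")

            def other_writer(p=path):
                with open(p, "w") as f:
                    f.write("other")

            created = create(path, "mine", window=other_writer)
            with open(path) as f:
                results[name] = (created, f.read())
    return results


if __name__ == "__main__":
    print(demo())
```

In the racy variant the check reports "absent" and the later open overwrites the file the second writer created; in the atomic variant the call fails and the existing content is left intact.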