OWASP TimeGap Theory


OWASP TimeGap Theory is an auto-scoring capture-the-flag game that focuses entirely on TOCTOU vulnerabilities. There are seven unique challenges to be solved in TimeGap Theory. All of them can be solved just by using browser dev tools.



Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.


  1. Free and open source
  2. Auto-scoring system - no need to enter the flags yourselves
  3. Slow-down feature lets you learn more about the time gap between time-of-check and time-of-use
  4. No tools required - solve all changes just by using browser and browser dev tools
  5. Extensive documentation (coming soon)