5 votes
A security analyst is inspecting pseudocode of the following multithreaded application:

1. perform daily ETL of data
1.1 validate that yesterday's data model file exists
1.2 validate that today's data model file does not exist
1.2 extract yesterday's data model
1.3 transform the format
1.4 load the transformed data into today's data model file
1.5 exit

Which of the following security concerns is evident in the above pseudocode?

A. Time of check/time of use
B. Resource exhaustion
C. Improper storage of sensitive data
D. Privilege escalation

by User AbSiddique (8.0k points)

1 Answer

3 votes

Final answer:

The evident security concern in the pseudocode of the multithreaded ETL application is 'Time of check/time of use' (TOCTOU), which is a race condition that can lead to security vulnerabilities. So, option A is the correct answer.

Step-by-step explanation:

The security concern evident in the pseudocode of the multithreaded application pertaining to ETL operations is A. Time of check/time of use (TOCTOU). The pseudocode includes validations to ensure yesterday's data model file exists and today's data model file does not exist before proceeding with the extract, transform, and load operations. However, between the time of these checks (time of check) and the actual use of the files (time of use), there is a possibility that the state of the files could change due to the inherent nature of multithreading, where multiple threads might be accessing or modifying the files simultaneously. This gap between the check and the use presents an opportunity for a race condition that could lead to security vulnerabilities, such as data corruption or unauthorized data access.

The security concern evident in the pseudocode is improper storage of sensitive data.

The security concern evident in the given pseudocode is Improper storage of sensitive data. Specifically, the pseudocode does not validate the storage and handling of the extracted and transformed data.

by User Shayla (7.3k points)
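The check-then-use gap between steps 1.1/1.2 and step 1.4 of the pseudocode, next to a load step that checks and creates the file in one operation. This is an added example, not part of the original question or answer. The file names, the function names and the `between` hook (which stands in for a second thread acting inside the window) are assumptions made for illustration.

```python
import os
import tempfile

def load_check_then_use(today, data, between=lambda: None):
    """Pattern from the pseudocode: check (step 1.2), then use (step 1.4)."""
    if os.path.exists(today):          # time of check
        return False
    between()                          # window in which another thread can act
    with open(today, "w") as f:        # time of use: truncates whatever is there now
        f.write(data)
    return True

def load_atomic(today, data, between=lambda: None):
    """Check and create in one system call: O_EXCL fails if the file exists."""
    between()
    try:
        fd = os.open(today, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False                   # another worker already produced today's file
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True

def run_etl(load, workdir):
    """Run one ETL pass while a second worker creates today's file mid-run."""
    yesterday = os.path.join(workdir, "model-yesterday.csv")   # constructed sample
    today = os.path.join(workdir, "model-today.csv")
    with open(yesterday, "w") as f:
        f.write("a,b\n1,2\n")

    def other_worker():                # stands in for the racing thread
        with open(today, "w") as f:
            f.write("written by other worker")

    try:
        with open(yesterday) as f:     # open directly instead of exists() + open()
            transformed = f.read().upper()
    except FileNotFoundError:
        return None, None
    wrote = load(today, transformed, between=other_worker)
    with open(today) as f:
        return wrote, f.read()

def demo():
    results = {}
    for load in (load_check_then_use, load_atomic):
        with tempfile.TemporaryDirectory() as d:
            results[load.__name__] = run_etl(load, d)
    return results
```

With the separate check, the load step reports success and silently replaces the other worker's file; with `O_EXCL`, it refuses and the existing file is left intact.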