The ACME shopping chain has been seeing a decline in revenue for the past few years. A new CEO, Ms. RockStar, took charge a few months ago. Ms. RockStar wants ACME to get into online business. Getting online is essential for ACME to fight with competitors. The online presence is going to have a rewards program to encourage buyers, well, to buy more.
Thanks to the declining revenue, board-of-directors are slightly sensitive when it comes to spending money. The board has decided to outsource the entire web application development to the lowest bidder from Bangalore, India. The development team consists of four recent college graduates. All of them have accounts on StackOverflow. They stood on their promise and came up with the first beta version six months late.
Meanwhile, things were not going well on the ACME headquarters in San Jose, USA. One of the board directors, Mr.MoonShine's Facebook account got phished. Mr. MoonShine turned the conference room upside down last time, talking about the importance of "cyber" security. As a result of that, the board has decided to do a security verification of the current web application.
ACME scanned the web app with a commercial scanner. They got a very long report, and the development team is busy fixing them. Mr. MoonShine is still not impressed. He read some online articles and found that the commercial scanner they used does not check for TOCTOU vulnerabilities.
The CEO, Ms.RockStar, is your friend. She reached out to you, asking for help. A friend in need is a friend indeed. You offered her the helping hand and promised to check all of the seven essential pages for TOCTOU issues.