What is a computer security vulnerability?
Beyond vocabulary, having new words in our vocabulary means understanding what they mean and what they imply for our professions or our lives. Every third talk on cybersecurity mentions vulnerabilities, but rarely do we stop to spell out their definition. That is the exercise we address in this post.
In cyber security, a vulnerability is a weakness that can be exploited by a cyber attack to gain unauthorized access or perform unauthorized actions on a computer system. Vulnerabilities can allow attackers to execute code, access system memory, install malware, and steal, destroy, or modify confidential data.
To exploit a vulnerability, an attacker must be able to connect to the computer system. Vulnerabilities can be exploited using a variety of methods including SQL injection, buffer overflows, cross-site scripting (XSS), and open source exploit kits that look for known vulnerabilities and security weaknesses in web applications.
What is the Meaning of this?
Errors happen, even in the process of building and coding technology. What remains of these errors is commonly known as a bug. While bugs are not inherently harmful (apart from their potential effect on the technology's performance), many can be exploited by nefarious actors; these are known as vulnerabilities. Vulnerabilities can be exploited to force software to act in an unintended way, for example to obtain information on the security defenses currently in place.
A vulnerability is a weakness or error in the code of a system or device that, when exploited, can compromise the confidentiality, integrity and availability (the three pillars we mentioned in a previous post, remember?) of the data stored in it, through unauthorized access, elevation of privilege, or denial of service. A piece of code or a tool used to take advantage of a vulnerability is called an exploit.
Most disclosed vulnerabilities are published in the National Vulnerability Database (NVD) and listed in the Common Vulnerabilities and Exposures (CVE) list, so that separate security tools and vulnerability-management processes can share data about them.
Examples of security vulnerabilities:
A security vulnerability is a weakness, flaw, or bug found within a security system that has the potential to be exploited by a threat agent to compromise a secure network.
There are a number of security vulnerabilities, but some common examples are:
Broken authentication:
When authentication credentials are compromised, user sessions and identities can be hijacked by malicious actors to impersonate the original user.
SQL injection:
As one of the most common security vulnerabilities, SQL injections attempt to gain access to database content through the injection of malicious code. A successful SQL injection can allow attackers to steal confidential data, forge identities, and carry out a range of other harmful activities.
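To make the SQL injection paragraph concrete, here is an added example (not code from the original post) showing the flaw beside its fix. It builds a small constructed in-memory SQLite table, queries it once by concatenating the user-supplied name into the SQL text and once with a parameterised query, and shows how the same tautology input behaves in each case. The table contents, function names and the `demo()` helper are all assumptions for the illustration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from any real system).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The flaw: untrusted input is pasted into the SQL text, so quote characters
    in the input change the structure of the statement itself."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """The fix: a parameterised query. The driver sends the value separately
    from the statement, so the input can only ever be compared as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal name and with a constructed tautology
    input, and return the row lists so the difference can be inspected."""
    conn = make_db()
    tautology = "' OR '1'='1"  # constructed input: closes the quote, adds an always-true clause
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_tautology": lookup_vulnerable(conn, tautology),  # every row leaks
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_tautology": lookup_safe(conn, tautology),  # no user is literally named that
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The point to take from the two `*_tautology` results: the parameterised version does not need to recognise or filter the malicious input at all, because the database never interprets it as SQL. That is why parameterised queries (or an ORM that uses them) are the primary mitigation, with input validation as defence in depth rather than the main control.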
Cross-site scripting:
Like an SQL injection, a cross-site scripting (XSS) attack also injects malicious code into a website. However, a cross-site scripting attack targets website users, rather than the website itself, putting sensitive user information at risk.
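The cross-site scripting paragraph above describes the same injection idea applied to HTML instead of SQL. The following added example (not from the original post) renders a greeting page twice, once with the user-supplied name inserted raw and once HTML-escaped, then uses the standard-library HTML parser to list which tags the browser would actually see in each output. The page template, the `<script>` test input and the helper names are constructed for the illustration.

```python
import html
from html.parser import HTMLParser


class TagCollector(HTMLParser):
    """Records the start tags a browser-style parser would encounter."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        self.tags.append(tag)


def tags_in(markup: str) -> list:
    """Return the element names present in a fragment of HTML."""
    parser = TagCollector()
    parser.feed(markup)
    return parser.tags


def render_vulnerable(name: str) -> str:
    """The flaw: untrusted text is placed directly into the page, so any markup
    in it becomes part of the document and runs in the visitor's browser."""
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """The fix for an HTML text context: escape &, <, >, " and ' so the
    input is displayed as characters rather than parsed as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def demo() -> dict:
    """Render both versions with a constructed script payload and report the
    tags each output contains."""
    payload = "<script>alert(1)</script>"  # constructed test input, not from any real attack
    return {
        "vulnerable_tags": tags_in(render_vulnerable(payload)),  # a script element appears
        "safe_tags": tags_in(render_safe(payload)),              # only the template's <p>
        "safe_markup": render_safe(payload),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

Note that `html.escape` is the right tool only when the value lands in HTML text or a quoted attribute; a value inserted into a JavaScript block, a URL or a CSS property needs the encoding for that context, which is why template engines with automatic, context-aware escaping are the preferred mitigation.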
Cross-site request forgery:
A cross-site request forgery (CSRF) attack aims to trick an authenticated user into taking an action that they do not intend to do. This, together with social engineering, can trick users into accidentally providing personal data to a malicious actor.
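The CSRF paragraph above describes the attack; the standard mitigation is a per-session anti-CSRF token that a cross-site page cannot read and therefore cannot include in a forged request. This added example (not code from the original post) sketches that check with a minimal in-memory session store and a state-changing handler; the store, the `handle_transfer` handler and the form layout are all assumptions for the illustration.

```python
import hmac
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed for the example)."""

    def __init__(self) -> None:
        self._sessions: dict = {}

    def new_session(self) -> str:
        """Create a session and bind a fresh, unguessable CSRF token to it."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = {"csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid: str) -> str:
        """The token the legitimate page embeds in its own forms."""
        return self._sessions[sid]["csrf"]


def handle_transfer(store: SessionStore, sid: str, form: dict) -> tuple:
    """State-changing request handler. The session id arrives automatically
    (as the browser would send a cookie), so the session alone proves
    nothing about which site built the form; the token does."""
    expected = store.csrf_token(sid)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so a mismatch cannot be narrowed down by timing.
    if not hmac.compare_digest(expected, supplied):
        return (403, "missing or invalid CSRF token")
    return (200, f"transferred {form['amount']}")


def demo() -> tuple:
    """Compare a request from the site's own form with a cross-site forgery
    that carries the victim's session but cannot know the token."""
    store = SessionStore()
    sid = store.new_session()  # the victim's authenticated session
    own_form = {"amount": "10", "csrf_token": store.csrf_token(sid)}
    forged_form = {"amount": "10"}  # constructed: a third-party page cannot read the token
    legitimate = handle_transfer(store, sid, own_form)
    forged = handle_transfer(store, sid, forged_form)
    return legitimate[0], forged[0]


if __name__ == "__main__":
    print(demo())  # (200, 403)
```

In a real application the token is also regenerated on login and the check is applied to every request that changes state, not only to form posts; the `SameSite` cookie attribute adds a second, independent layer.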
Incorrect security settings:
Any component of a security system that attackers can exploit because it is wrongly configured is considered a security misconfiguration.
What is the difference between vulnerability and risk?
Cybersecurity risks are commonly classified as vulnerabilities. However, vulnerability and risk are not the same, which can lead to confusion.
Think of risk as the probability and impact of a vulnerability being exploited.
If the impact and probability of a vulnerability being exploited is low, then the risk is low. Conversely, if the impact and probability of a vulnerability being exploited is high, then there is a high risk.
In general, the impact of a cyber attack can be related to the CIA triad (not the intelligence agency; see the previous post on computer security), that is, the confidentiality, integrity or availability of the resource. Following this train of reasoning, there are cases in which common vulnerabilities pose no risk. For example, when the information system that carries the vulnerability has no value for your organization.