### **What is a Security Vulnerability?**
A security vulnerability is a weakness an adversary could take advantage of to compromise the confidentiality, availability, or integrity of a resource.
In this context a weakness refers to implementation flaws or security implications due to design choices. For instance, being able to overrun a buffer’s boundaries while writing data to it introduces a buffer overflow vulnerability. Examples of notable vulnerabilities are Heartbleed, Shellshock/Bash and POODLE.
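As an added illustration of the buffer-boundary weakness described above (example code, not from the original page), here is a C function that copies an untrusted string into a fixed-size buffer with no bound check, next to a hardened version that measures the input first and rejects anything that would not fit. `NAME_MAX`, the function names and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size destination buffer, including the NUL terminator (assumed) */

/* Vulnerable pattern: the destination size is never checked, so any name
 * longer than NAME_MAX - 1 bytes is written past the end of out[].
 * Shown only to illustrate the weakness; not called on long input here. */
void copy_name_unsafe(const char *name, char out[NAME_MAX]) {
    strcpy(out, name);
}

/* Hardened version: measure the input against the known buffer size before
 * writing and refuse anything that would overrun it.
 * Returns 0 on success, -1 when the input does not fit (out[] is left empty). */
int copy_name_safe(const char *name, char out[NAME_MAX]) {
    size_t n = 0;
    while (n < NAME_MAX && name[n] != '\0')   /* bounded scan: never reads past NAME_MAX */
        n++;
    if (n == NAME_MAX) {                      /* no room left for the terminator: refuse */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, name, n + 1);                 /* copies the NUL terminator as well */
    return 0;
}

/* Check helper: 1 if the name was accepted and copied intact, 0 otherwise. */
int copy_name_roundtrips(const char *name) {
    char buf[NAME_MAX];
    return copy_name_safe(name, buf) == 0 && strcmp(buf, name) == 0;
}

/* Check helper: 1 if the hardened copy rejected the name and left an empty string. */
int copy_name_rejected(const char *name) {
    char buf[NAME_MAX];
    return copy_name_safe(name, buf) == -1 && buf[0] == '\0';
}

int main(void) {
    /* Constructed sample inputs: one that fits, one that would overflow the buffer. */
    const char *ok = "alice";
    const char *too_long = "this-name-is-much-longer-than-sixteen-bytes";
    printf("%-45s -> %s\n", ok, copy_name_roundtrips(ok) ? "accepted" : "rejected");
    printf("%-45s -> %s\n", too_long, copy_name_rejected(too_long) ? "rejected" : "accepted");
    return 0;
}
```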
A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation where needed.
Examples of threats that can be prevented by vulnerability assessment include:

- SQL injection, XSS and other code injection attacks.
- Escalation of privileges due to faulty authentication mechanisms.
- Insecure defaults – software that ships with insecure settings, such as a guessable admin password.

There are several types of vulnerability assessments. These include:

- Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.
- Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.
- Database assessment – The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure.
- Application scans – Identifying security vulnerabilities in web applications and their source code by automated scans of the front-end or static/dynamic analysis of the source code.