What is a Security Vulnerability?

What is a Security Vulnerability?

### **What is a Security Vulnerability?** A security vulnerability is a weakness an adversary could take advantage of to compromise the confidentiality, availability, or integrity of a resource. In this context a weakness refers to...

What is a Security Vulnerability?

A security vulnerability is a weakness an adversary could take advantage of to compromise the confidentiality, availability, or integrity of a resource.

In this context a weakness refers to implementation flaws or security implications due to design choices. For instance, being able to overrun a buffer’s boundaries while writing data to it introduces a buffer overflow vulnerability. Examples of notable vulnerabilities are Heartbleed, Shellshock/Bash and POODLE.

**

What is vulnerability assessment**

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

Examples of threats that can be prevented by vulnerability assessment include:

  • SQL injection, XSS and other code injection attacks. Escalation of privileges due to faulty authentication mechanisms.

  • Insecure defaults – software that ships with insecure settings, such as a guessable admin passwords. There are several types of vulnerability assessments. These include:

  • Host assessment – The assessment of critical servers, which may be vulnerable to attacks if not adequately tested or not generated from a tested machine image.

  • Network and wireless assessment – The assessment of policies and practices to prevent unauthorized access to private or public networks and network-accessible resources.

  • Database assessment – The assessment of databases or big data systems for vulnerabilities and misconfigurations, identifying rogue databases or insecure dev/test environments, and classifying sensitive data across an organization’s infrastructure.

  • Application scans – The identifying of security vulnerabilities in web applications and their source code by automated scans on the front-end or static/dynamic analysis of source code.

Angular 9 Tutorial: Learn to Build a CRUD Angular App Quickly

What's new in Bootstrap 5 and when Bootstrap 5 release date?

Brave, Chrome, Firefox, Opera or Edge: Which is Better and Faster?

How to Build Progressive Web Apps (PWA) using Angular 9

What is new features in Javascript ES2020 ECMAScript 2020

How to build a secure Grails 4 Application using Spring Security Core

In this Grails 4 tutorial, we will show you how to build a secure Grails 4 application using Spring Security Core Plugin. We will add the login and register function to the Grails 4 application.

Find Security Vulnerabilities when Scan Your Docker Images

How to find security vulnerabilities before it’s too late. Scan Your Docker Images for Vulnerabilities

Securing RESTful API with Spring Boot, Security, and Data MongoDB

A comprehensive step by step tutorial on securing or authentication RESTful API with Spring Boot, Security, and Data MongoDB