
Vulnerability (computing)
Vulnerabilities are flaws in a computer system that weaken its overall security. They can be weaknesses in the hardware itself or in the software that runs on it. A threat actor, such as an attacker, can exploit a vulnerability to cross privilege boundaries, that is, to perform unauthorized actions within the system. To exploit a vulnerability an attacker needs at least one applicable tool or technique that can reach the weakness; in this framing, the set of reachable vulnerabilities is also called the attack surface.
- Has abstract
Vulnerability management is a cyclical practice whose details vary, but which generally contains these steps: discover all assets, prioritize them, assess them with a complete vulnerability scan, report on the results, remediate the vulnerabilities found, verify the remediation, and repeat. The practice usually refers to software vulnerabilities in computing systems. Agile vulnerability management refers to preventing attacks by identifying all vulnerabilities as quickly as possible.
A security risk is often incorrectly classified as a vulnerability, and using the two words interchangeably causes confusion. The risk is the potential for a significant impact resulting from the exploitation of a vulnerability. There can therefore be vulnerabilities without risk, for example when the affected asset has no value. A vulnerability for which at least one working, fully implemented attack is known is classified as an exploitable vulnerability, that is, one for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software to when access was removed, a security fix was available or deployed, or the attacker was disabled (see zero-day attack).
Security bug (security defect) is a narrower concept: there are vulnerabilities that are not software security bugs, such as hardware, site and personnel vulnerabilities. Constructs in programming languages that are difficult to use properly can manifest large numbers of vulnerabilities.
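The management cycle, the risk-versus-vulnerability distinction and the window of vulnerability described above, as an added worked example that is not part of the Wikipedia article or any vendor's tool. The inventory, the VULN-* identifiers, the scores, the dates and the re-scan result are all constructed for illustration; the 0..10 asset value scale and the risk = value x CVSS formula are simplifying assumptions, not a standard.

```python
"""Added example: a small vulnerability-management cycle (discover, prioritize,
assess, report, remediate, verify, repeat) over a constructed inventory.
All asset names, VULN-* ids, scores and dates are made up for illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Asset:
    name: str
    value: int            # business value on an assumed 0..10 scale; 0 = no value


@dataclass
class Finding:
    asset: str            # name of the affected asset (as reported by the scan)
    vuln_id: str          # constructed tracker id, not a real CVE
    cvss: float           # CVSS base score 0..10, assumed already computed
    exploit_available: bool   # a working, fully implemented attack is known
    introduced: date      # when the flaw reached deployed software
    remediated: Optional[date] = None   # when a fix was deployed
    verified: bool = False              # set by the verify step below


def risk(asset: Asset, f: Finding) -> float:
    """Risk is the potential impact of exploitation, here value x severity.
    A flaw on a zero-value asset scores 0: a vulnerability without risk."""
    return asset.value * f.cvss


def window_of_vulnerability(f: Finding, today: date) -> int:
    """Days from introduction until a verified fix, or until today if still open."""
    end = f.remediated if f.verified else today
    return (end - f.introduced).days


def verify_remediation(f: Finding, rescan_ids: set) -> bool:
    """Verify step: a finding counts as fixed only if it was remediated AND the
    re-scan no longer reports it (a fix that did not take goes back in the queue)."""
    f.verified = f.remediated is not None and f.vuln_id not in rescan_ids
    return f.verified


def prioritize(assets, findings):
    """Highest risk first; among equal risk, exploitable findings first."""
    by_name = {a.name: a for a in assets}
    known = [f for f in findings if f.asset in by_name]
    return sorted(known, key=lambda f: (-risk(by_name[f.asset], f),
                                         not f.exploit_available, f.vuln_id))


def run_cycle(assets, findings, rescan_ids, today):
    """One pass of the cycle; returns the report an operator would act on."""
    by_name = {a.name: a for a in assets}
    report = {
        # discovery gap: a finding on an asset missing from the inventory
        "undiscovered": [f.vuln_id for f in findings if f.asset not in by_name],
        "queue": [], "no_risk": [], "closed": [],
    }
    for f in prioritize(assets, findings):
        a = by_name[f.asset]
        verify_remediation(f, rescan_ids)
        entry = {"id": f.vuln_id, "asset": f.asset, "risk": risk(a, f),
                 "exploitable": f.exploit_available,
                 "window_days": window_of_vulnerability(f, today)}
        if f.verified:
            report["closed"].append(entry)      # window of vulnerability closed
        elif a.value == 0:
            report["no_risk"].append(entry)     # track it, but it is not a risk
        else:
            report["queue"].append(entry)       # needs remediation or a re-fix
    return report


# --- constructed sample data (not from any real scan) -----------------------
ASSETS = [Asset("web-frontend", 8), Asset("build-server", 10), Asset("lab-kiosk", 0)]
FINDINGS = [
    Finding("web-frontend", "VULN-0001", 7.5, True, date(2023, 1, 10),
            remediated=date(2023, 2, 1)),
    Finding("build-server", "VULN-0002", 9.8, False, date(2023, 1, 20)),
    Finding("lab-kiosk", "VULN-0003", 9.0, True, date(2022, 12, 1)),
    Finding("build-server", "VULN-0004", 5.0, True, date(2023, 2, 15),
            remediated=date(2023, 3, 1)),
    Finding("ghost-host", "VULN-0005", 6.0, False, date(2023, 1, 1)),
]
# the re-scan after remediation still reports VULN-0004: its fix did not take
RESCAN = {"VULN-0002", "VULN-0003", "VULN-0004"}
TODAY = date(2023, 3, 15)


def demo():
    return run_cycle(ASSETS, FINDINGS, RESCAN, TODAY)


if __name__ == "__main__":
    for section, entries in demo().items():
        print(section, entries)
```

Two details are worth noting. A finding whose asset is not in the inventory is surfaced as a discovery gap rather than silently dropped, because the cycle starts with "discover all assets" and a scan that reports hosts you do not track is evidence that step failed. The window of vulnerability only closes when the verify step passes: VULN-0004 has a remediation date, but the re-scan still sees it, so it returns to the queue with its window still counting.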
- Hypernym
- Weakness
- Is primary topic of
- Vulnerability (computing)
- Label
- Vulnerability (computing)
- Link from a Wikipage to an external page
- dmoz-odp.org/Computers/Security/Advisories_and_Patches/
- www.cloudvulndb.org
- Link from a Wikipage to another Wikipage
- Access control
- Adware
- Asset (computing)
- Attack (computing)
- Attack surface
- Audit trail
- Availability
- Browser security
- Buffer overflow
- Buffer over-read
- Category:Hacking (computer security)
- Category:Security compliance
- Category:Software testing
- Category:Vulnerability
- CIA triad
- Clickjacking
- Cloud computing
- Cloud service provider
- Code injection
- Committee on National Security Systems
- Common criteria
- Common Platform Enumeration
- Common Vulnerabilities and Exposures
- Common Vulnerability Scoring System
- Common Weakness Enumeration
- Computer emergency response team
- Computer hardware
- Computer language
- Confidentiality
- Confused deputy problem
- Countermeasure (computer)
- Cross-site request forgery
- Cross-site scripting
- Cryptography
- Dangling pointer
- Data validation
- Default permit
- Defence in depth
- Directory traversal
- E-mail injection
- ENISA
- Exploit (computer security)
- Factor Analysis of Information Risk
- File:2010-T10-ArchitectureDiagram.png
- File system permissions
- Firewall (networking)
- Format string attack
- FTP bounce attack
- Full disclosure (computer security)
- HTTP header injection
- HTTP response splitting
- IEC 27002
- IEC 27005
- IETF
- Information security
- Information Security
- Information security management system
- Information technology security audit
- Integrity
- International Organization for Standardization
- Internet security
- Intrusion detection system
- IPv4
- IPv6
- ISACA
- IT risk
- ITSEC
- Linux
- List of tools for static code analysis
- MacOS
- Malware
- Memory safety
- Microsoft
- Microsoft Windows
- Mitre Corporation
- Mobile security
- National Information Assurance Glossary
- National Information Assurance Training and Education Center
- National Institute of Standards and Technology
- Network architecture
- NIST
- OpenVMS
- Operating system
- OWASP
- Password strength
- Penetration test
- Physical security
- Privacy law
- Privilege escalation
- Race Condition
- Race conditions
- Rapid7
- Responsible disclosure
- Risk factor (computing)
- Risk It
- Risk IT
- Risk management
- Security awareness
- Security bug
- Security controls
- Security service (telecommunication)
- Side-channel attack
- Social engineering (security)
- Software bug
- Spyware
- SQL injection
- Symlink race
- The Open Group
- Threat (computer)
- Threat actor
- Time-of-check-to-time-of-use
- Timing attack
- TippingPoint
- Unchecked user input
- United States
- Unix
- User interface
- Victim blaming
- Vulnerability management
- Vulnerability scanner
- White hat (computer security)
- Zero-day attack
- SameAs
- 4pER8
- Agujero de seguridad
- Beveiligingslek
- Biztonsági rés
- Boşluq (informatika)
- Drošības caurums
- m.048vgs
- Q631425
- Säkerhetshål
- Sicherheitslücke
- Tarkvara turvaauk
- Tietoturva-aukko
- Vulnerabilidade (computação)
- Vulnerabilità (informatega)
- Vulnerabilità informatica
- Vulnerabilitat (informàtica)
- Vulnerabilitate (securitatea informației)
- Vulnérabilité (informatique)
- Vulnerability (computing)
- Zranitelnost
- Уразливість (інформаційні технології)
- Уязвимост (компютри)
- Уязвимость (компьютерная безопасность)
- פרצת אבטחה
- آسیبپذیری (رایانه)
- نقطة ضعف (حوسبة)
- আক্রান্তপ্রবণতা (কম্পিউটিং)
- വൾനറബിലിറ്റി (കമ്പ്യൂട്ടിംഗ്)
- ช่องโหว่ (คอมพิวเตอร์)
- ယိုပေါက် (ကွန်ပျူတာ)
- セキュリティホール
- 漏洞
- 보안 취약점
- Subject
- Category:Hacking (computer security)
- Category:Security compliance
- Category:Software testing
- Category:Vulnerability
- Thumbnail
- WasDerivedFrom
- Vulnerability (computing)?oldid=1121142175&ns=0
- WikiPageLength
- 31951
- Wikipage page ID
- 1129827
- Wikipage revision ID
- 1121142175
- WikiPageUsesTemplate
- Template:Authority control
- Template:Commonscatinline
- Template:Computer hacking
- Template:Information security
- Template:ISBN
- Template:Reflist
- Template:Short description