Vulnerabilities

A vulnerability is a weakness in a system (software, hardware…). It’s a broad concept, as a vulnerability can derive from many things.

A vulnerability allows an attacker to violate a reasonable security policy for that system.

  • Policies define how a system should behave.

  • Examples:

    • Wheels will turn left only when the steering wheel turns left.

    • A phone will only allow access to its owner.

    • A program will only run code inserted by its original developer.

The number of vulnerabilities always increases as software grows.

  • This is inherent to the increased complexity, interactions, and development process.

  • Also, they do not disappear.

  • Software is updated with fixes, but older software is still vulnerable.

Vulnerabilities are states in a computing system that allow an attacker to:

  • execute commands as another user.

  • access data that is contrary to the specified access restrictions for that data.

  • pose as another entity.

  • conduct a denial of service (DoS) (affect availability).
