A vulnerability is a weaknesses in a system that provides adversaries the opportunity to compromise assets. All systems have vulnerabilities. Even though the technologies and tools are improving the number of vulnerabilities are increasing. Vulnerabilities come from 4 main sources: hardware, software, network and procedural vulnerabilities.
1. Hardware Vulnerability:
A hardware vulnerability is a weakness which can used to attack the system hardware through physically or remotely.
- Old version of systems or devices
- Unprotected storage
- Unencrypted devices, etc.
2. Software Vulnerability:
A software error happen in development or configuration such as the execution of it can violate the security policy.
- Lack of input validation
- Unverified uploads
- Cross-site scripting
- Unencrypted data, etc.
3. Network Vulnerability:
A weakness happen in network which can be hardware or software.
- Unprotected communication
- Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
- Social engineering attacks
- Misconfigured firewalls
4. Procedural Vulnerability:
A weakness happen in an organization operational methods.
- Password procedure – Password should follow the standard password policy.
- Training procedure – Employees must know which actions should be taken and what to do to handle the security. Employees must never be asked for user credentials online. Make the employees know social engineering and phishing threats.