Skip to main content
Engineering LibreTexts

1.5: Vulnerabilities

  1. Last updated
  2. Save as PDF
  • Page ID
    45686

    • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

    Vulnerability

    A vulnerability is a weaknesses in a system that provides adversaries the opportunity to compromise assets. All systems have vulnerabilities. Even though the technologies and tools are improving the number of vulnerabilities are increasing. Vulnerabilities come from 4 main sources: hardware, software, network and procedural vulnerabilities.

    1. Hardware Vulnerability:
    A hardware vulnerability is a weakness which can used to attack the system hardware through physically or remotely.
    For example:

    1. Old version of systems or devices
    2. Unprotected storage
    3. Unencrypted devices, etc.

    2. Software Vulnerability:
    A software error happen in development or configuration such as the execution of it can violate the security policy.
    For examples:

    1. Lack of input validation
    2. Unverified uploads
    3. Cross-site scripting
    4. Unencrypted data, etc.

    3. Network Vulnerability:
    A weakness happen in network which can be hardware or software.
    For examples:

    1. Unprotected communication
    2. Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
    3. Social engineering attacks
    4. Misconfigured firewalls

    4. Procedural Vulnerability:
    A weakness happen in an organization operational methods.
    For examples:

    1. Password procedure – Password should follow the standard password policy.
    2. Training procedure – Employees must know which actions should be taken and what to do to handle the security. Employees must never be asked for user credentials online. Make the employees know social engineering and phishing threats.

    Adapted from:
    "Vulnerabilities in Information Security" by theinthaythimgGeeks for Geeks is licensed under CC BY-SA 4.0

    This page titled 1.5: Vulnerabilities is shared under a CC BY-SA license and was authored, remixed, and/or curated by Patrick McClanahan.

    1. Back to top
    • Was this article helpful?

    Recommended articles

    1. Article type
      Section or Page
      Author
      Patrick McClanahan
      License
      CC BY-SA
    2. Tags
      This page has no tags.