In computer security, a vulnerability is a weakness in a system that allows an attacker to violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or other malware, script code injection, or SQL injection.
A security risk is classified as a vulnerability if it is recognized as a possible means of attack. A security risk with one or more known instances of working and fully-implemented attacks is classified as an exploit.
Constructs in programming languages that are difficult to use properly can be a large source of vulnerabilities.
Examples of vulnerabilities

Common types of vulnerabilities include:
* Memory safety violations, such as:
  - Buffer overflows
  - Dangling pointers
* Format string bugs
* Improperly handling shell metacharacters so that they are interpreted
* SQL injection
* Code injection
* E-mail injection
* Directory traversal
* Cross-site scripting in web applications
* HTTP header injection
* HTTP response splitting
* Time-of-check-to-time-of-use bugs
* Symlink races
* Cross-site request forgery in web applications
* Clickjacking
* FTP bounce attack
* Privilege escalation
* Warning fatigue or user conditioning
* Blaming the victim: prompting a user to make a security decision without giving the user enough information to answer it
* Race conditions
wikipedia.org