Overview
A Vulnerability is a weakness in confidentiality, integrity, Authentication, Authorization or some typical security component which could allow an unfortunate event.

A Vulnerability can typically have a Classification as one of:

When a Vulnerability is used by an Attacker for an attack, the Vulnerability is known as an Exploit.

When an attack is successful and data is exposed, then this is a Breach or Data Breach.

Vulnerability Assessments should yield a prioritized list of vulnerabilities that SHOULD be addressed for "proper" security.

Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture.
More Information
There might be more information for this subject on one of the following:

- Acceptable risk
- Advanced Persistent Threat
- Arbitrary code execution
- Attacker
- Breach
- Bug
- Centralized Exchange
- Challenge-Handshake Authentication Protocol
- Class-Break
- Code injection
- Common Vulnerabilities and Exposures
- Common Vulnerability Scoring System
- Common Weakness Enumeration
- Continuity Management
- Continuous integration
- Covert Redirect Vulnerability
- Credential Leaked Databases
- Credential Reuse
- Cross-site request forgery
- Cross-site scripting
- CryptoAPI
- Cryptographically Weak
- DIGEST-MD5
- Data anonymization
- Doc Searls
- EDirectory TLS
- Exploit
- Exploitability Metrics
- Heartbleed
- How To Crack SSL-TLS
- IDM Related Compliance Items
- Implementation Vulnerability
- Implicit Grant
- Key Reinstallation AttaCKs
- Logjam
- Lucky 13
- MD4
- Mallory
- NIST.SP.800-70
- NT LAN Manager Vulnerabilities
- Netlogon Remote Protocol
- Non-Repudiation
- OAuth 2.0 JWT Secured Authorization Request
- OAuth 2.0 Vulnerabilities
- OXD
- Opportunistic Attack
- Opportunistic encryption
- PASSWD_NOTREQD
- Password Authentication is Broken
- Private Communications Technology
- Project Zero
- Protocol Vulnerability
- Provisioning
- QUANTUM
- Rowhammer
- SQL Injection
- SS7 hack
- Secure by design
- Secure connection
- Service Account
- Short Message Service
- Signalling System No. 7
- Spam
- Stagefright
- Subscriber Identification Module
- Threat
- Threat Model
- Transport Layer Security
- Unfortunate event
- United States Computer Emergency Readiness Team
- Vulnerability
- Vulnerability Assessment
- WebView
- What To Do About Passwords
- Wi-Fi Protected Access 2
- Zero-day