What is a vulnerability?

July 12, 2008 in Vulnerabilities
Tags: Vulnerabilities

A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. The term “vulnerability” is often used very loosely. However, here we need to distinguish threats, attacks, and countermeasures.

Please do not post any actual vulnerabilities in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists.

Examples of vulnerabilities

Lack of input validation on user input
Lack of sufficient logging mechanism
Fail-open error handling
Not closing the database connection properly

For a great overview, check out the OWASP Top Ten Project. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security.

Like this:

Be the first to like this post.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Page
- About
- Contact
- Home
Archives
- July 2008
Recent Posts
Recent Comments

jatnikonm on Siapapun Bisa Jadi Hacker
Blog Stats
- 116 hits

IT SECURITY
Download
Tips and Tricks

Groan Blog