Vulnerability Management

Exploitable Weakness in a Computer System:

• Vulnerabilities weaken the overall security of a computer system and can be exploited by attackers to perform unauthorized actions.
• Vulnerability management is a cyclical practice that includes discovering assets, prioritizing and assessing vulnerabilities, reporting, remediating, and verifying.
• A security risk is not the same as a vulnerability, as the risk is the potential for impact resulting from the exploit of a vulnerability.
• Vulnerabilities can be classified based on the asset class they are related to, and the most vulnerable point in most information systems is the human user.
• The impact of a security breach can be high, and IT managers have a responsibility to manage IT risk.
• Penetration testing is a form of verification of the weakness and countermeasures adopted by an organization.
• The defense-in-depth principle is a multilayer defense system that can protect against attacks.
• Mitre Corporation maintains an incomplete list of publicly disclosed vulnerabilities in a system called Common Vulnerabilities and Exposures (CVE).
• Vulnerabilities can manifest in software, hardware, site, personnel, and other aspects.
• The most common types of software flaws that lead to vulnerabilities include buffer overflows, SQL injection, and cross-site scripting.
• A pure technical approach cannot always protect physical assets, and technical protections do not necessarily stop social engineering attacks.
• Examples of vulnerabilities include zero-day attacks, hardware vulnerabilities, and coding flaws.