Anatomy of a Vulnerability

When one thinks of vulnerabilities, one considers a weakness in a security design, some flaw that can be
exploited to defeat the defense. In medieval days, a vulnerability of a castle was that it could be laid siege.
In more modern terms, a bulletproof vest could be vulnerable to a specially made bullet, or to a shot aimed at a
different body part not protected by the vest. In fact, many of the security measures that have been
invented have been circumvented almost at the point of conception.
A computer vulnerability is a flaw in the security of a computer system. The security is the support
structure that prevents unauthorized access to the computer. When a vulnerability is exploited, the person
using the vulnerability will gain some additional influence over the computer system that may allow a
compromise of the system’s integrity.
Computers have a range of different defenses, from passwords to file permissions. A computer’s
“virtual” existence is a completely unique concept that doesn’t relate well to physical security. However,
in terms of computer security, the techniques to break in are finite and can be described.
This book breaks down the logic of computer security vulnerabilities so that they can fit within specific
categories that make them understandable. Provided with a vulnerability, the danger and function of each
possible type of vulnerability can be explained, and paths of access enhancements can be determined.
There are four basic types of vulnerabilities, which are relative to two factors: one is the specific target of
the vulnerability, in terms of computer or person, and the other is how quickly the vulnerability works. One
could imagine this as a matrix: