Vulnerability Assessment

This section focuses on Vulnerability Assessment. You will explore both technical and non-technical vulnerabilities and the systems used for tracking and researching these vulnerabilities within the cybersecurity community. A key part of a cybersecurity professional's role is to find vulnerabilities, assess their criticality, and understand their impact on the client. For pentesters, discovering and exploiting vulnerabilities to simulate adversaries is central to the role, while reporting and relating these findings to the business context is where the value of their work truly lies.

What is vulnerability?

Vulnerability understanding means recognizing weaknesses or gaps in a system or software that could be exploited by attackers. These weaknesses might allow unauthorized access, data tampering, or service disruptions. When we understand vulnerabilities, we can work to fix them and protect our systems.

The CIA Triad stands for Confidentiality, Integrity, and Availability. It's about keeping information private, ensuring data is accurate and trustworthy, and making sure services are available when needed. Understanding vulnerabilities helps us maintain this balance, so our data is safe, reliable, and always accessible.

What is CVE?

CVE (Common Vulnerabilities and Exposures) is a system that assigns unique identifiers to publicly known security vulnerabilities. Think of it like a code for each "issue" a computer program might have. This makes it easier to talk about and track these problems across different systems and software. It helps security professionals and users know what vulnerabilities exist and take actions to protect their systems.

What is NVD?

NVD (National Vulnerability Database) is like a big library of information about computer vulnerabilities. It's a place where you can find details about security problems in software, like apps and operating systems. NVD provides descriptions, severity ratings, and fixes for these vulnerabilities, helping people understand the risks and how to keep their systems safe. It's a valuable resource for cybersecurity professionals and users who want to stay informed and protected.

Zero Day Attack

A zero-day is like a surprise attack on your computer. It's a secret way that hackers find to break into software before the software's creators even know about it. Because no one knows about it, there's "zero days" to fix it before hackers can use it to cause trouble. It's a bit like thieves finding a hidden entrance into a building that nobody else knows about.

Risk management

Risk management is like playing chess with your computer systems. You identify potential threats, like hackers or system failures, and figure out how likely they are to happen and how much damage they could cause. Then, you make smart moves to protect your systems by putting up defenses, like firewalls and backups. It's about anticipating trouble, planning ahead, and staying one step ahead of the game to keep your digital kingdom safe.

Hacker's Mantra:Hacking involves a different way of looking at problems that no one’s thought of. Walter O’Brien

PreviousMySQL & MSSQL Enumeration NextCase Study: Heartbleed Vulnerability (CVE-2014-0160)

Last updated 11 months ago

Was this helpful?