Vulnerabilities are weaknesses in a system that gives threats the opportunity to compromise assets. All systems have vulnerabilities. Even though the technologies are improving but the number of vulnerabilities are increasing such as tens of millions of lines of code, many developers, human weaknesses, etc. Vulnerabilities mostly happened because of Hardware, Software, Network and Procedural vulnerabilities.
1. Hardware Vulnerability:
A hardware vulnerability is a weakness which can used to attack the system hardware through physically or remotely.
- Old version of systems or devices
- Unprotected storage
- Unencrypted devices, etc.
2. Software Vulnerability:
A software error happen in development or configuration such as the execution of it can violate the security policy. For examples:
- Lack of input validation
- Unverified uploads
- Cross-site scripting
- Unencrypted data, etc.
3. Network Vulnerability:
A weakness happen in network which can be hardware or software.
- Unprotected communication
- Malware or malicious software (e.g.:Viruses, Keyloggers, Worms, etc)
- Social engineering attacks
- Misconfigured firewalls
4. Procedural Vulnerability:
A weakness happen in an organization operational methods.
- Password procedure – Password should follow the standard password policy.
- Training procedure – Employees must know which actions should be taken and what to do to handle the security. Employees must never be asked for user credentials online. Make the employees know social engineering and phishing threats.
Don’t stop now and take your learning to the next level. Learn all the important concepts of Data Structures and Algorithms with the help of the most trusted course: DSA Self Paced. Become industry ready at a student-friendly price.
- Difference between Information Security and Network Security
- Difference between Cyber Security and Information Security
- Principal of Information System Security : Security System Development Life Cycle
- Need Of Information Security
- What is Information Security?
- Information Security | Confidentiality
- Information System and Security
- Availability in Information Security
- Information Security | Integrity
- Threats to Information Security
- Risk Management for Information Security | Set-2
- Risk Management for Information Security | Set-1
- Information Security and Cyber Laws
- Information Security and Computer Forensics
- Digital Forensics in Information Security
- Principle of Information System Security
- Message Digest in Information security
- Approaches to Information Security Implementation
- Principal of Information System Security : History
- Active and Passive attacks in Information Security