Vulnerability and Exploit Types

A software vulnerability is a design flaw that allows the application's security controls to be circumvented or that causes the application to crash.

  • can exist because of misconfigurations or poor practice

An exploit is the specific code or method of using a vulnerability to gain control of a system or damage it in some way.

Zero-Day Vulnerabilities and Exploits

  • Most vulnerabilities are discovered by software and security researchers
    • notify the vendor to give them time to patch the vulnerability before releasing details to the wider public

A vulnerability that is exploited before the developer knows about it or can release a patch is called a zero-day.

  • can be very destructive
    • can take the vendor a long time to patch
    • leaves systems exposed for days, weeks, or even years

Info

The term zero-day is usually applied to the vulnerability itself but can also refer to an attack or malware that exploits it.

Unpatched and Legacy Systems

An unpatched system is one whose owner has not applied the available OS and application patches.

A legacy system is one where the software vendor no longer provides support or fixes for problems.

  • a greater threat than zero-days because they are far more common