Welcome to ashrafedu.blogspot.com. This website is maintained by ASHRAF.


    Friday, April 29, 2022

    Cyber Security Vulnerabilities

    In cyber security, a vulnerability is a weakness that can be exploited by cybercriminals to gain unauthorized access to a computer system. After exploiting a vulnerability, an attacker can run malicious code, install malware and even steal sensitive data.

    Vulnerabilities can be exploited by a variety of methods including SQL injection, buffer overflows, cross-site scripting (XSS) and open-source exploit kits that look for known vulnerabilities and security weaknesses in web applications.

    I. Causes of Vulnerabilities

    There are many causes of vulnerabilities including:

    Complexity

    Complex systems increase the probability of flaws, misconfigurations or unintended access.

    Familiarity

    Common code, software, operating systems and hardware increase the probability that an attacker can find or already has information about known vulnerabilities.

    Connectivity

    The more connected a device is, the higher the chance of a vulnerability.

    Poor Password Management

    Weak passwords can be broken with brute force, and reusing passwords can result in one data breach becoming many.

    Operating System Flaws

    Like any software, operating systems can have flaws. Operating systems that are insecure by default allow any user to gain access and potentially inject viruses and malware.

    Internet Usage

    The Internet is full of spyware and adware that can be installed automatically on computers.

    Software Bugs

    Programmers can accidentally or deliberately leave an exploitable bug in software. Sometimes end users fail to update their software, leaving it unpatched and vulnerable to exploitation.

    Unchecked User Input

    If your website or software assumes all input is safe, it may execute unintended SQL commands.
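    An added example (not from the original post) of the problem this paragraph describes, in Python with the standard sqlite3 module: the same login lookup written by pasting input into the SQL text beside the parameterized form, run against a constructed in-memory table. The names make_db, login_unchecked, login_parameterized and demo are this example's own.

```python
import sqlite3

# Constructed sample table for this demonstration; not data from any real system.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("o'brien", "pass")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_unchecked(conn, name, password):
    """Vulnerable: user input is pasted into the SQL text, so quote characters
    in the input change the structure of the statement the database runs."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, password):
    """Hardened: the statement's structure is fixed and the inputs travel as
    bound values, so they are only ever compared, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def demo():
    """Return (unchecked rows, parameterized rows, unchecked handles apostrophe,
    parameterized rows for the apostrophe name) for constructed inputs."""
    conn = make_db()
    crafted = "' OR '1'='1"  # constructed input containing a quote and an OR clause
    unchecked = login_unchecked(conn, "alice", crafted)    # matches every row
    checked = login_parameterized(conn, "alice", crafted)  # matches nothing
    # A legitimate name containing an apostrophe breaks the unchecked query
    # with a syntax error, while the parameterized query handles it correctly.
    try:
        login_unchecked(conn, "o'brien", "pass")
        unchecked_apostrophe_ok = True
    except sqlite3.OperationalError:
        unchecked_apostrophe_ok = False
    parameterized_apostrophe = login_parameterized(conn, "o'brien", "pass")
    return unchecked, checked, unchecked_apostrophe_ok, parameterized_apostrophe
```

The parameterized form fixes both failures at once: input can no longer alter the query, and ordinary values with quote characters stop causing errors.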

    People

    The biggest vulnerability in any organization is the human at the end of the system. Social engineering is the biggest threat to the majority of organizations.

    II. Vulnerabilities Classification

    Vulnerabilities can be classified into six broad categories:

    1. Hardware

    Susceptibility to humidity, dust, soiling, natural disaster, poor encryption or firmware vulnerability.

    2. Software

    Insufficient testing, lack of audit trail, design flaws, memory safety violations (buffer overflows, over-reads, dangling pointers), input validation errors (code injection, cross-site scripting (XSS), directory traversal, email injection, format string attacks, HTTP header injection, HTTP response splitting, SQL injection), privilege-confusion bugs (clickjacking, cross-site request forgery, FTP bounce attack), race conditions (symlink races, time-of-check-to-time-of-use bugs), side channel attacks, timing attacks and user interface failures (blaming the victim, race conditions, warning fatigue).

    3. Network

    Unprotected communication lines, man-in-the-middle attacks, insecure network architecture, lack of authentication or default authentication.

    4. Personnel

    Poor recruiting policy, lack of security awareness and training, poor adherence to security training, poor password management or downloading malware via email attachments.

    5. Physical site

    Area subject to natural disaster, unreliable power source or no keycard access.

    6. Organizational

    Lack of audits, a continuity plan, or a security or incident response plan.
