Vulnerabilities in systems Flashcards
Advanced persistent threat (APT):
An instance when a threat actor maintains unauthorized access to a system for an extended period of time
Attack surface:
All the potential vulnerabilities that a threat actor could exploit
Attack vector:
The pathways attackers use to penetrate security defenses
Attack tree:
A diagram that maps threats to assets
Bug bounty:
Programs that encourage freelance hackers to find and report vulnerabilities
Common Vulnerabilities and Exposures (CVE®) list:
An openly accessible dictionary of known vulnerabilities and exposures
Common Vulnerability Scoring System (CVSS):
A measurement system that scores the severity of a vulnerability
CVE Numbering Authority (CNA):
An organization that volunteers to analyze and distribute information on eligible CVEs
Defense in depth:
A layered approach to vulnerability management that reduces risk
Exploit:
A way of taking advantage of a vulnerability
Exposure:
A mistake that can be exploited by a threat
MITRE:
A collection of non-profit research and development centers
Hacker:
Any person who uses computers to gain access to computer systems, networks, or data
Security hardening:
The process of strengthening a system to reduce its vulnerability and attack surface
Vulnerability:
A weakness that can be exploited by a threat