Vulnerability Analysis Flashcards
What is vulnerability analysis?
The process of identifying, quantifying, and prioritizing security weaknesses in a system.
What is a zero-day vulnerability?
A software vulnerability unknown to the vendor, with no existing patch, leaving affected systems open to exploitation.
What is CVE?
Common Vulnerabilities and Exposures (CVE) is a database of publicly known information security vulnerabilities and exposures.
What is the purpose of a vulnerability scanner?
To automate the identification of security vulnerabilities in systems, networks, and applications.
What is the difference between a vulnerability and an exploit?
A vulnerability is a weakness in a system; an exploit is the action that takes advantage of the vulnerability.
What is a patch?
A software update designed to fix vulnerabilities or bugs, or to enhance security.
What is a security misconfiguration?
A vulnerability caused by incorrect system or application settings that expose the system to risk.
What is OWASP?
The Open Web Application Security Project (OWASP) is a nonprofit foundation focused on improving the security of software.
What is a buffer overflow?
What is a buffer overflow?
What is penetration testing?
A simulated attack on a system, network, or application to find vulnerabilities that could be exploited.
What is privilege escalation in vulnerability analysis?
A situation where a user exploits a vulnerability to gain elevated access to resources that should be unavailable.
What is the CVSS score?
The Common Vulnerability Scoring System (CVSS) is a standard method for assessing the severity of security vulnerabilities.