Difference between revisions of "Security flaw"

From Clinfowiki
Jump to: navigation, search
Line 1: Line 1:
Security flaws can be a weakness or [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] in the design of an application or in the procedures in using an application. This type of weakness allows attackers to comprise the integrity, availability and confidentiality of a system.<ref name="security vulnerability">Definition of a Security Vulnerability.https://msdn.microsoft.com/en-us/library/cc751383.aspx</ref> Also a security flaw can be know or unknown. With known security flaws it may be possible to create procedure to mitigate those know weaknesses. With unknown security flaws one may not realize there is a weakness until that weakness has been exploited. An example would be a [http://en.wikipedia.org/wiki/Zero-day_attack/ Zero day attack] vulnerability which means no-one has seen that method of attack until it occurs.
+
Security flaws can be a weakness or [http://en.wikipedia.org/wiki/Vulnerability_(computing) vulnerability] in the design of an application or in the procedures in using an application. This type of weakness allows attackers to comprise the integrity, availability and confidentiality of a system.<ref name="security vulnerability">Definition of a Security Vulnerability.https://msdn.microsoft.com/en-us/library/cc751383.aspx</ref> Also a security flaw can be known or unknown flaw. With known security flaws it may be possible to create procedures to mitigate those know weaknesses. With unknown security flaws one may not realize there is a weakness until that weakness has been exploited. An example would be a [http://en.wikipedia.org/wiki/Zero-day_attack/ Zero day attack] vulnerability which means no-one has seen that method of attack until it occurs.
  
 
Security flaws can be related to:
 
Security flaws can be related to:

Revision as of 01:47, 7 April 2015

Security flaws can be a weakness or vulnerability in the design of an application or in the procedures in using an application. This type of weakness allows attackers to comprise the integrity, availability and confidentiality of a system.[1] Also a security flaw can be known or unknown flaw. With known security flaws it may be possible to create procedures to mitigate those know weaknesses. With unknown security flaws one may not realize there is a weakness until that weakness has been exploited. An example would be a Zero day attack vulnerability which means no-one has seen that method of attack until it occurs.

Security flaws can be related to:

  • Security measures with the organization (Policy requiring dual control)
  • Physical environment of the system (Secure access to the server room)
  • Hardware (No alternate power supply)
  • Software design (Programming error)
  • Communication (Not encrypted)
  • Business operations (Operating procedures)
  • Administration procedures (Too many employees with administrated authority)


References

  1. Definition of a Security Vulnerability.https://msdn.microsoft.com/en-us/library/cc751383.aspx